Need help preventing injection - newbie

#1

Hi

I am an oracle newbie. Also an intermediate in mysql.

In the past I've used a method in PHP to prevent injection:

function _escape ( $sql )
{
$args = func_get_args();
foreach($args as $key => $val)
{
$args [ $key ] = mysql_real_escape_string ( $val );
}
$args [ 0 ] = $sql;
return call_user_func_array ( 'sprintf', $args);
}

Wondering if anyone knows the oracle equivalent in PHP for preventing
sql injection?

Thanks in advance

#2

AlexCook wrote:

Quote:

Hi

I am an oracle newbie. Also an intermediate in mysql.

In the past I've used a method in PHP to prevent injection:

function _escape ( $sql )
{
$args = func_get_args();
foreach($args as $key => $val)
{
$args [ $key ] = mysql_real_escape_string ( $val );
}
$args [ 0 ] = $sql;
return call_user_func_array ( 'sprintf', $args);
}

Wondering if anyone knows the oracle equivalent in PHP for preventing
sql injection?

Thanks in advance

In Oracle user bind variables and the DBMS_ASSERT built-in package.
--
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan@x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Need help preventing injection - newbie

comp.databases.oracle.misc comp.databases.oracle.misc

Need help preventing injection - newbie - 11-18-2007 , 10:46 PM

Re: Need help preventing injection - newbie - 11-19-2007 , 12:59 AM