The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Reply To: php variables


Is there any way to escape SQL in FORM data?

You can. With PDO, the proper method to escape data for use in an SQL statement is PDO::quote. If you chose this approach, it would probably be simpler to just use PDO directly, since you’d be bypassing all of the methods your wrapper class provides.

I don’t like using bind because the code gets longer and longer and I need to store data in variables every time.

Binding the parameters and using prepared statements is a much better choice. It may be a few extra lines of typing, but it is far safer and more reliable. I would really encourage you to reconsider.
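
The two approaches discussed above, side by side, as an added example that is not part of the original post. It assumes an in-memory SQLite database, a constructed `users` table and constructed form values; `run()` is a hypothetical helper, not a method of the poster's wrapper class.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed form input; in a real handler this would come from $_POST.
$form = ['name' => "O'Brien", 'email' => "x' OR '1'='1"];

// Hypothetical helper: prepare and execute in one call. Values go in as an
// array, so there are no bindParam() calls and no intermediate variables.
function run(PDO $pdo, string $sql, array $params = []): PDOStatement
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

// Named placeholders: the array keys match the :name / :email markers.
run($pdo, 'INSERT INTO users (name, email) VALUES (:name, :email)', [
    'name'  => $form['name'],
    'email' => $form['email'],
]);

// Positional placeholder: the quote characters in the value are treated as
// data, never as SQL syntax.
$rows = run($pdo, 'SELECT id, name FROM users WHERE email = ?', [$form['email']])
    ->fetchAll(PDO::FETCH_ASSOC);
printf("prepared: %d row(s), name=%s\n", count($rows), $rows[0]['name']);

// PDO::quote alternative: it escapes and wraps the value in quotes, but it
// has to be applied by hand to every value in every concatenated query.
// A single forgotten call reintroduces SQL injection.
$sql = 'SELECT id, name FROM users WHERE email = ' . $pdo->quote($form['email']);
$quoted = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
printf("quoted:   %d row(s)\n", count($quoted));
```

With the helper, each parameterized query is a single call, about the same length as the concatenated `PDO::quote` version.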