June 1, 2014 at 12:27 am
#171512
__
Participant
Is there any way to escape SQL in FORM data?
You can. With PDO, the proper method to escape data for use in an SQL statement is PDO::quote. If you choose this approach, it would probably be simpler to just use PDO directly, since you’d be bypassing all of the methods your wrapper class provides.
I don’t like using bind because the code gets longer and longer and I need to store data in variables every time.
Binding the parameters and using prepared statements is a much better choice. It may be a few extra lines of typing, but it is far safer and more reliable. I would really encourage you to reconsider.
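The two approaches contrasted in this reply side by side, as an added example that is not part of the original thread; it assumes PHP with the pdo_sqlite extension and a constructed users table, and shows that passing an array to execute() keeps prepared statements short.

```php
<?php
// Added example, not code from the original thread. Assumes the pdo_sqlite
// extension so it runs against an in-memory database with no server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$pdo->exec("INSERT INTO users (name, email) VALUES ('O''Brien', 'ob@example.com')");

// Constructed form input: a perfectly legitimate name containing a quote.
$_POST = ['name' => "O'Brien"];
$name = $_POST['name'];

// 1. Unsafe: the value is pasted into the SQL text. The apostrophe ends the
//    string literal early, so the query is malformed (and user-controlled
//    input could instead change what the statement does).
try {
    $pdo->query("SELECT id FROM users WHERE name = '$name'");
} catch (PDOException $e) {
    echo "Concatenation failed: " . $e->getMessage() . "\n";
}

// 2. PDO::quote(): escapes the value and wraps it in quotes. Correct, but the
//    statement is still assembled as a string, so one forgotten quote() call
//    brings the bug back.
$stmt = $pdo->query("SELECT id FROM users WHERE name = " . $pdo->quote($name));
echo "PDO::quote matched " . count($stmt->fetchAll()) . " row(s)\n";

// 3. Prepared statement. SQL text and data travel separately, so no escaping
//    is needed. Passing an array to execute() keeps it short: no bindValue()
//    call and no temporary variable per parameter.
$stmt = $pdo->prepare("SELECT id FROM users WHERE name = ?");
$stmt->execute([$name]);
echo "Prepared statement matched " . count($stmt->fetchAll()) . " row(s)\n";

// Named placeholders scale to forms with several fields.
$stmt = $pdo->prepare("INSERT INTO users (name, email) VALUES (:name, :email)");
$stmt->execute([':name' => $name, ':email' => 'obrien2@example.com']);
echo "Inserted row id " . $pdo->lastInsertId() . "\n";
```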