Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Need help preventing injection - newbie
AlexCook wrote:
> Hi
>
> I am an oracle newbie. Also an intermediate in mysql.
>
> In the past I've used a method in PHP to prevent injection:
>
> function _escape ( $sql )
> {
> $args = func_get_args();
> foreach($args as $key => $val)
> {
> $args [ $key ] = mysql_real_escape_string ( $val );
> }
> $args [ 0 ] = $sql;
> return call_user_func_array ( 'sprintf', $args);
> }
>
> Wondering if anyone knows the oracle equivalent in PHP for preventing
> sql injection?
>
> Thanks in advance
In Oracle user bind variables and the DBMS_ASSERT built-in package.
-- Daniel A. Morgan Oracle Ace Director & Instructor University of Washington damorgan_at_x.washington.edu (replace x with u to respond) Puget Sound Oracle Users Group www.psoug.orgReceived on Mon Nov 19 2007 - 00:59:26 CST