AlexCook wrote:
> Hi
>
> I am an oracle newbie. Also an intermediate in mysql.
>
> In the past I've used a method in PHP to prevent injection:
>
> function _escape ( $sql )
> {
> $args = func_get_args();
> foreach($args as $key => $val)
> {
> $args [ $key ] = mysql_real_escape_string ( $val );
> }
> $args [ 0 ] = $sql;
> return call_user_func_array ( 'sprintf', $args);
> }
>
> Wondering if anyone knows the oracle equivalent in PHP for preventing
> sql injection?
>
> Thanks in advance
In Oracle user bind variables and the DBMS_ASSERT built-in package.
--
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Mon Nov 19 2007 - 00:59:26 CST
