ADOdb

This topic is closed.
  • Tom

    ADOdb

    I'm interested in adopting ADOdb (actually ADOdb Lite) and have a
    simple question that I haven't been able to quite pinpoint an answer
    to.

    I'm used to using the native mysql functions with
    mysql_escape_string(). With ADOdb, is this handled transparently with
    the execute method or should I take my own steps to sanitize input
    data?

    Also, one of the reasons I'm looking at ADOdb is I'd like to start to
    explore postgreSQL. Are the security considerations with postgre
    similar to mysql?

    If you can point me in the right direction, I'll appreciate it.

    Thanks,
    Tom

  • fletch

    #2
    Re: ADOdb

    > Also, one of the reasons I'm looking at ADOdb is I'd like to start to
    > explore postgreSQL. Are the security considerations with postgre
    > similar to mysql?

    Yes. Pretty much. The permissions system is not the same, iirc.


    • Juliette

      #3
      Re: ADOdb

      Tom wrote:
      > I'm interested in adopting ADOdb (actually ADOdb Lite) and have a
      > simple question that I haven't been able to quite pinpoint an answer
      > to.
      >
      > I'm used to using the native mysql functions with
      > mysql_escape_string(). With ADOdb, is this handled transparently with
      > the execute method or should I take my own steps to sanitize input
      > data?

      When using adodb you should escape strings using the $db->qstr() method,
      this will escape the string properly for the database type you use.

      Data returned will be returned 'sanely', i.e. if slashes were added for
      insertion into the database, they will be removed automagically.

      Have a look at the adodb documentation, it's pretty detailed and
      explains all this.

      Grz, Jrf

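The quoting discussed in the reply above, as an added example that is not part of the original thread and not ADOdb's own code: it runs the same lookup with raw concatenation, with `qstr()`, and with values bound through `Execute()`/`GetAll()`. It assumes the full ADOdb library (not ADOdb Lite) at a hypothetical include path and uses the sqlite3 driver with an in-memory database only so that no server is needed; the table and sample name are constructed.

```php
<?php
// Added example. Assumptions: ADOdb installed at this hypothetical path,
// PHP built with the sqlite3 extension.
require_once 'adodb5/adodb.inc.php';

$db = ADONewConnection('sqlite3');   // in-memory database, demo only
$db->Connect(':memory:');
$db->Execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed input containing a quote character, as a form might submit it.
$input = "O'Brien";

// Insert with a bound value. Param() returns the placeholder syntax of the
// active driver, so the same code works when the driver is changed.
$ok = $db->Execute(
    'INSERT INTO users (name) VALUES (' . $db->Param('name') . ')',
    array($input)
);
if ($ok === false) {
    die('insert failed: ' . $db->ErrorMsg() . "\n");
}

// 1. Raw concatenation: Execute() sends the string to the database as it
//    is, so the quote inside the value ends the literal early.
$raw = "SELECT id, name FROM users WHERE name = '" . $input . "'";
$rs  = $db->Execute($raw);
echo "raw concatenation: ",
     ($rs === false ? 'query rejected: ' . $db->ErrorMsg() : 'query ran'), "\n";

// 2. qstr(): escapes for the active driver AND adds the surrounding quotes,
//    so the SQL template must not wrap the value in quotes of its own.
$quoted = 'SELECT id, name FROM users WHERE name = ' . $db->qstr($input);
echo "qstr() SQL: ", $quoted, "\n";
$rows = $db->GetAll($quoted);
echo "qstr() rows: ", ($rows === false ? $db->ErrorMsg() : count($rows)), "\n";

// 3. Bound parameter: the value travels separately from the SQL text and is
//    never spliced into it by this code.
$bound = 'SELECT id, name FROM users WHERE name = ' . $db->Param('name');
$rows  = $db->GetAll($bound, array($input));
echo "bound rows: ", ($rows === false ? $db->ErrorMsg() : count($rows)), "\n";
```
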

      • Tom

        #4
        Re: ADOdb

        Thank you for the responses. This helped.

        In the event anyone else comes across this with the same question,
        here's the ADOdb documentation:


        And on inserting:


        I also found the Wikipedia article on SQL injection useful (it mentions
        ADOdb specifically):



        Tom
