Skip Evans wrote:
> Hey all,
> 
> Okay, I'm looking all through the PDO docs on 
> php.net, but am unable to find the SQLite 
> equivalent to the MySQL function
> 
> mysql_real_escape_string()
> 
> in case, among other things, a text field contains 
> single quotes, etc.
> 
> How is this done in SQLite? I'm still scouring the 
> docs but having no luck.
> 
> Does it have something to do with
> 
> $dbh->prepare()
> 
> ...or am I on the wrong track with that one?

While I agree with Jay that using bound parameters is a much better 
approach, there is a partial answer to your question.

SQLite provides the sqlite3_mprintf() function and its associated %q 
and %Q format specifiers for quoting SQL strings. See 
http://www.sqlite.org/c3ref/mprintf.html for details.

I'm not sure if this functionality is exposed through the Perl PDO 
wrapper though.

HTH
Dennis Cote
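
The bound-parameter approach discussed in this thread, as an added example in PHP that is not part of the original messages. It uses PDO with an in-memory SQLite database; the table name `notes`, its column and the sample strings are constructed for illustration.

```php
<?php
// Added example: constructed table and input, in-memory SQLite database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed text-field values containing single quotes and other
// characters that have meaning inside an SQL statement.
$inputs = [
    "O'Reilly's book",
    "it's a 'quoted' word; with -- dashes",
];

// Bound parameter: the SQL text is fixed at prepare() time and the value
// is handed over separately, so no escaping function is needed.
$insert = $dbh->prepare('INSERT INTO notes (body) VALUES (:body)');
foreach ($inputs as $body) {
    $insert->bindValue(':body', $body, PDO::PARAM_STR);
    $insert->execute();
}

// Look each value up again, also through a bound parameter, and check
// that it was stored byte for byte.
$select = $dbh->prepare('SELECT body FROM notes WHERE body = :body');
foreach ($inputs as $body) {
    $select->execute([':body' => $body]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    $select->closeCursor();
    if ($row === false || $row['body'] !== $body) {
        throw new RuntimeException('round trip failed for: ' . $body);
    }
}

$count = (int) $dbh->query('SELECT COUNT(*) FROM notes')->fetchColumn();
printf("%d rows stored and read back unchanged\n", $count);

// When a string literal has to be placed in the SQL text itself,
// PDO::quote() is the PDO-level escaping call. Print its result to see
// how the SQLite driver quotes an embedded single quote.
echo $dbh->quote("O'Reilly's book"), "\n";
```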