Home/ Questions/Q 7432931
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T09:32:09+00:00

I am trying to port a php file that is used with MySQL. My

  • 0

I am trying to port a php file that is used with MySQL. My goal is to have this file working with Oracle instead of MySQL. I have gotten all of the connect string switched over. I am now stuck with finding an Oracle equivalent commands for:

mysql_real_escape_string($string);

Can someone tell me what it would be, or direct me to somewhere that will tell me. Thanks!

I gave an attempt to PDO::quote and PDO::prepare and it says that Call to a member function prepare() on a non-object for both prepare and object. The whole purpose of this is to get TightURL to work directly from my web server. My web server uses Oracle, not MySQL so I am having to convert the main php file to work with Oracle.

I attempted it on a WAMP server with MySQL and it worked great, but when I try to use the prepare or quote for Oracle I get that error above.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you’re using PDO to connect to Oracle, the function would be PDO::quote. Note that PDO::quote places quotes around strings while mysql_real_escape_string does not.

    Having said that, it would be best to use prepared statements instead of string concatenation to issue SQL statements. From the manual:

    If you are using this function to build SQL statements, you are
    strongly recommended to use PDO::prepare() to prepare SQL statements
    with bound parameters instead of using PDO::quote() to interpolate
    user input into an SQL statement. Prepared statements with bound
    parameters are not only more portable, more convenient, immune to SQL
    injection, but are often much faster to execute than interpolated
    queries, as both the server and client side can cache a compiled form
    of the query.

    • 0