I just get a lil (xD, a lot would be better) worried about sanitizing input variables when using ’em in SQL queries.
I have read a lot here and on other sites, but they all talk about mysql_real_escape_string().
I would like some help learning to do something like that, but I’m using Oracle 10g. Also I’m using jquery to do some validation.
So I’d like to know ways to protect myself when working on the client side.
I’m willing (like always) to read anything that would help, my problem is I don’t know where to start.
Use bind variables; that way you don’t even have to worry about it. I’m no PHP programmer, but a quick google of "oracle php bind variable" yields some good results, like this one: http://php.net/manual/en/function.oci-bind-by-name.php
Bind variables ensure that you are immune to SQL injection attacks, as well as vastly improving the performance of your query in Oracle (they allow Oracle to cache the “soft parsed” query).
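As an added example, not code from the original answer: a PHP/OCI8 query against Oracle that binds the user-supplied value with oci_bind_by_name(), plus the one case binding cannot cover (identifiers such as ORDER BY columns). The connection string, credentials and the CUSTOMERS table are assumptions.

```php
<?php
// Added example (not from the original answer): parameterised Oracle query in PHP
// using the OCI8 extension's oci_bind_by_name(). Connection details are placeholders.
$conn = oci_connect('app_user', 'app_password', 'localhost/XE'); // placeholder credentials
if (!$conn) {
    $e = oci_error();
    throw new RuntimeException('Connect failed: ' . $e['message']);
}

// Hypothetical schema: CUSTOMERS(ID NUMBER, EMAIL VARCHAR2(255), NAME VARCHAR2(100)).
function findCustomerByEmail($conn, string $email): ?array
{
    // The SQL text never contains user data: :email is a bind placeholder that
    // Oracle fills in at execution time, so quotes or comment markers in $email
    // are treated as data, never as SQL.
    $sql  = 'SELECT id, name FROM customers WHERE email = :email';
    $stmt = oci_parse($conn, $sql);
    // Bind by reference; maxlength -1 lets OCI8 size the buffer from the value.
    oci_bind_by_name($stmt, ':email', $email, -1, SQLT_CHR);
    if (!oci_execute($stmt)) {
        $e = oci_error($stmt);
        throw new RuntimeException('Query failed: ' . $e['message']);
    }
    $row = oci_fetch_assoc($stmt); // false when no row matched
    oci_free_statement($stmt);
    return $row === false ? null : $row;
}

// Bind variables cover *values* only. Identifiers (table/column names, ORDER BY
// columns) cannot be bound, so map them through a fixed allow-list instead.
function findCustomersSorted($conn, string $sortColumn): array
{
    $allowed = ['ID' => 'id', 'NAME' => 'name', 'EMAIL' => 'email'];
    $col  = $allowed[strtoupper($sortColumn)] ?? 'id'; // unknown input falls back to id
    $stmt = oci_parse($conn, "SELECT id, name, email FROM customers ORDER BY $col");
    oci_execute($stmt);
    $rows = [];
    while (($row = oci_fetch_assoc($stmt)) !== false) {
        $rows[] = $row;
    }
    oci_free_statement($stmt);
    return $rows;
}

// Client-side (jQuery) validation improves the user experience but can be
// bypassed, so the server binds regardless of what the browser checked.
$customer = findCustomerByEmail($conn, $_GET['email'] ?? '');
var_dump($customer);
```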