Ask a Question
Advertise on boostr.in
Organizational Research By
Surprising Reserch Topic
escaping column names in pdo statements
escaping column names in pdo statements Â using -'php,mysql,pdo'
I am currently building a query where both the field/column and value parts possibly consist of user inputted data.
The problem is escaping the fieldnames.
I'm using prepared statements in order to properly escape and quote the values but when escaping the fieldnames i run into trouble.
mysql_real_escape_string requires a mysql connection resource in order to us so that is ruled out
PDO::quote adds quotes around the fieldnames which renders them useless in a query too
addslashes works but isn't really safe
Anyone has an idea on what the best way is to properly insert the fieldnames into the query before passing it to PDO::prepare?
Â Â Â Â
Oct 6, 2015
to add a comment.
Related Hot Questions
Government Jobs Opening