mysql_real_escape_string() needs a db connection and Yii has done that, but I can’t work out a way to use this function with DAO or AR.
If I can’t use this function then what is the alternative way to input safely?
mysql_real_escape_string() needs a db connection and Yii has done that, but I can’t work out a way to use this function with DAO or AR.
If I can’t use this function then what is the alternative way to input safely?
My fault. I should have searched before i post.
Here I found a question on stackoverflow:
Do I have to use mysql_real_escape_string if I bind parameters?
Seems if you are using PDO you don’t have to escape strings. Since DAO and AR are both based on PDO, we don’t have to waste time escaping input. Am I right?