Is there any other way to do this? I'd rather not use PDO.
On Feb 10, 2008 2:46 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> On Feb 10, 2008 2:38 PM, NotReally GonnaTell <[EMAIL PROTECTED]> wrote:
>
> > Hello all, I am wondering how I should prevent SQL injection attacks
> > while
> > using SQLite, MySQL has the trusted mysqli_real_escape_string,
> > but SQLite doesn't have it's own custom function, i've tried str_replace
> > in
> > my code, but SQLite returns an error whenever I use a '. I've tried
> > googling
> > around, but I haven't found anything useful.
> >
>
> you can use PDO, and its prepared statements.
>
> -nathan
>
