Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Linc Detroit Admin
edited September 2009 in Vanilla 2.0 - 2.8
If I need to sanitize data before using $Database->Query is there a method for that? I'm looking for a mysql_real_escape_string replacement in Garden and am not finding it.
1. Is there a reason why you were forced to do it that way?
2. I guess we need to make a convenience method for sanitizing strings...
For some of the queries I can't grab and insert in the same query; I have to do a little data manipulation with PHP, and what's currently stored in the database isn't safe for an unsanitized data insert. I currently added "addslashes" to a bunch of the queries as a work-around, but as I understand that isn't really foolproof like mysql_real_escape_string.
The Connection method returns a pdo which has the quote method.