Perhaps many of us must work with others' programs and make improvements each time.
For years I've been doing just this, especially when it relates to db access.
While all my new work uses PDO prepared statements, there is still a fair quantity of mysqli code to be addressed.
Currently these older methods use mysqli_real_escape_string before placing string fields into the database, and a combination of htmlspecialchars() and preg_replace is used when data is taken out of the database.
While I'm in the process of doing another set of revisions, I've been researching the opinions of others regarding the recommended technique to handle this.
It appears that most/all of the mysqli methods are procedural and not OO, but PDO is always OO.
What are everyone's views on the methods to cleanse the strings to/from the database in these cases?
Examples, if you have them, would be appreciated.
Thanks,
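As an added example (not code from the original post), here is the legacy mysqli_real_escape_string pattern the question describes beside a replacement that uses mysqli's own prepared statements in their object-oriented form, with htmlspecialchars applied only at the HTML output boundary rather than on the way in or out of the database. The `comments` table, its columns and the connection credentials are assumptions.

```php
<?php
// Added example (not from the original post): the legacy escape-based
// pattern from the question beside a mysqli prepared-statement replacement.
// The table `comments(id, author, body)` and the credentials are assumptions.
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw instead of returning false
$db = new mysqli('localhost', 'app', 'secret', 'appdb');  // assumed credentials
$db->set_charset('utf8mb4'); // escaping is only correct when the connection charset is known

// Legacy style described in the question: escape, then interpolate into the SQL text.
// Safe only while every value is quoted and the charset above is set; easy to get wrong.
function insert_comment_legacy(mysqli $db, string $author, string $body): bool
{
    $a = mysqli_real_escape_string($db, $author);
    $b = mysqli_real_escape_string($db, $body);
    return (bool) mysqli_query($db, "INSERT INTO comments (author, body) VALUES ('$a', '$b')");
}

// Replacement: the SQL text carries placeholders only; values are sent separately,
// so they can never change the statement's structure.
function insert_comment(mysqli $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    $stmt->bind_param('ss', $author, $body); // one type letter per placeholder
    $stmt->execute();
    $stmt->close();
    return (int) $db->insert_id;
}

// Reads are parameterised too; rows are returned as stored, not pre-escaped.
function fetch_comment(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// HTML escaping belongs at the output boundary, not in the database layer.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$id = insert_comment($db, "O'Brien", '<b>bold</b> & more');
if ($row = fetch_comment($db, $id)) {
    echo '<p>' . h($row['author']) . ': ' . h($row['body']) . '</p>';
}
```

Storing the raw text and escaping at output keeps the data reusable in non-HTML contexts (JSON, CSV, email) where htmlspecialchars would be the wrong transformation.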