I understand that the proper way to handle all SQL query nowadays should be using PDO (or use the function provided in a PHP framework, like eloquent in laravel) However, as there is mysql_real_escape_string
for MySQL, I am curious if there is a function like that for Oracle in PHP?
I have searched on Google and most answer seems to be writing a string replace code by yourself. That works at least on some common problem like quote ('
), but I am just curious if there are built-in function for that. (and just in case there are other escape needed to be done to prevent SQL injection)