dtjo51649 2018-05-18 07:29

Is there a built-in function to escape strings for Oracle queries? (like MySQL's mysql_real_escape_string)

I understand that the proper way to handle all SQL queries nowadays should be using PDO (or using the function provided in a PHP framework, like Eloquent in Laravel). However, as there is mysql_real_escape_string for MySQL, I am curious if there is a function like that for Oracle in PHP?

I have searched on Google and most answers seem to be writing string-replace code yourself. That works at least on some common problems like the quote ('), but I am just curious if there is a built-in function for that (and just in case there is other escaping that needs to be done to prevent SQL injection).


  • donglang1894 2018-05-18 10:26

    There is a package, DBMS_ASSERT. It is dedicated to preparing and validating input strings.
    DBMS_ASSERT: ENQUOTE_LITERAL function

    If you want to hardcode string literals, you can use the quoting mechanism.
    q'( ... )'
    q'~ ... ~'
    q'! ... !'

    DECLARE
        v VARCHAR2(1024);
    BEGIN
        -- q'( ... )' alternative quoting: embedded single quotes need no doubling
        v := q'( The string  with quotes ',','   )';
        DBMS_OUTPUT.PUT_LINE(v);
    END;
    /
    
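How DBMS_ASSERT.ENQUOTE_LITERAL from the answer above behaves, next to the bind-variable approach the question refers to, as an added example that is not part of the original thread. The two sample inputs are constructed, and the queries run against DUAL so the block works in any schema (SQL*Plus or SQLcl assumed for SET SERVEROUTPUT).

```sql
SET SERVEROUTPUT ON
DECLARE
  -- Constructed sample inputs: a name with an apostrophe and an injection-style string.
  TYPE t_inputs IS TABLE OF VARCHAR2(100);
  v_inputs t_inputs := t_inputs('O''Brien', 'x'' OR ''1''=''1');
  v_lit    VARCHAR2(300);
  v_cnt    PLS_INTEGER;
BEGIN
  FOR i IN 1 .. v_inputs.COUNT LOOP
    -- 1) Raw value: ENQUOTE_LITERAL does not escape anything itself. It only
    --    checks that embedded single quotes are paired and raises VALUE_ERROR
    --    when they are not.
    BEGIN
      v_lit := DBMS_ASSERT.ENQUOTE_LITERAL(v_inputs(i));
      DBMS_OUTPUT.PUT_LINE('raw accepted: ' || v_lit);
    EXCEPTION
      WHEN VALUE_ERROR THEN
        DBMS_OUTPUT.PUT_LINE('raw rejected: ' || v_inputs(i));
    END;

    -- 2) Double the embedded quotes first, then enquote. The whole value is
    --    now a single string literal inside the dynamic statement.
    v_lit := DBMS_ASSERT.ENQUOTE_LITERAL(REPLACE(v_inputs(i), '''', ''''''));
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM dual WHERE dummy = ' || v_lit
      INTO v_cnt;
    DBMS_OUTPUT.PUT_LINE('literal ' || v_lit || ' matched ' || v_cnt || ' row(s)');

    -- 3) Bind variable: no escaping needed, because the value is passed
    --    separately and never becomes part of the SQL text.
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM dual WHERE dummy = :v'
      INTO v_cnt
      USING v_inputs(i);
    DBMS_OUTPUT.PUT_LINE('bind    matched ' || v_cnt || ' row(s)');
  END LOOP;
END;
/
```

From PHP, the bind-variable form in step 3 corresponds to oci_parse() followed by oci_bind_by_name() and oci_execute() in the OCI8 extension, or to a PDO prepared statement.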
