Mysql_Real_Escape_String() Alternative?

Yii 1.1 General Discussion
1

I want to ensure prevention from SQL injection. In the past I’ve used mysql_real_escape_string, but when using it with Yii, I receive the following error:


Can't connect to local MySQL server through socket

I’ve found quoteValue() as an alternative. Is this the recommended way of parsing the SQL?

Thanks in advance.

2

Have a read here, http://www.yiiframework.com/doc/guide/1.1/en/database.query-builder

3

Yii uses PDO instead of mysql_connect. Using PDO you should use params and prepared statements and that will take care of quoting strings.

Take a look at this forum post .

4

Thanks for the responses. I appreciate the help. I was close in what I was doing, but not 100% there. This clears it up.

Thanks again.