Re: Is there PHP mysql_real_escape_string for postgresql?

At 10:46a -0500 on 20 Dec 2007, Bill Moran wrote:
> In response to Erik Jones <erik@myemma.com>:
>>> In php is there a postgresql version of mysql_real_escape_string() ?
>> You have both pg_escape_string and pg_escape_bytea available.
>
> Is there a mysql_fake_escape_string()?  Should PostgreSQL have a
> pg_pretend_to_escape_string() that effectively does nothing?

Haha!  Awesome!  You should "count it," Bill.

Serious now, who writes the code for those PHP functions?  Is that a
call that PHP makes to the respective database or does someone actually
continually keep the PHP code "up-to-date"?

Second question: why is there not more emphasis on using prepared
statements?  I was taught at $SCHOOL that prepared statements,
especially for anything involving unknown user input, is the Right Way.
 Am I missing something or is the lack of use of these just a noob factor?

Thanks,

Kevin