问题
i am trying to set some attributes to my pdo connection, i am using the odbc drvier that is connecting to SQL Server and i get unknown attribute
$db = new PDO("odbc:Driver={SQL Server};Server=127.0.0.1;Database=my_db;charset=utf8; Uid=my_usser;Pwd=my_pass;");
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
print_r($db->errorinfo());
//It show me: Array ( [0] => 00000 [1] => 0 [2] => Unknown Attribute (setAttribute[0] at (null):0) [3] => IM001 )
I want to set PDO::ATTR_EMULATE_PREPARES to false coz i read here is a secure way to stop sql injection when using prepare functiom.
回答1:
You have to use prepared statements to make it secure.
While EMULATE_PREPARES is irrelevant to security and safe either way.
Also, you have to use only settings supported by the driver.
回答2:
It is not possible to use prepared statements from Linux to MSSQL. Deploy your production code on Windows and use PDO SQLSRV driver, or don't use prepared statements (which basically means you can't use Unicode).
来源:https://stackoverflow.com/questions/17164316/setattribute-to-pdo-using-odbc-driver