Is MySQLi secure without mysql_real_escape_string

Discussion in 'MySQL' started by ketting00, May 17, 2011.

  1. #1
    Hi,

    I've tried but failed to get mysql_real_escape_string working with MySQLi. So, is it secure to let users log in and sign up without preventing MySQL injection with this feature? How do you guys get around this problem? I'm new to the MySQLi thing but have considered migrating my database commands from MySQL to MySQLi.

    Thanks
    Ket
     
    ketting00, May 17, 2011
  2. jestep
    #2
    Can you post the code you're using? It's always best to sanitize inputs. You don't have to use real_escape_string, but it is necessary to use some method of preventing SQL injection.

    MySQLi also uses a different method of escape: http://php.net/manual/en/mysqli.real-escape-string.php

    It's not the same function as mysql_real_escape_string.
     
    jestep, May 18, 2011
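The difference described in the reply above, shown as an added example that is not part of the original thread: the mysqli escape call next to a prepared statement for the same login lookup. The connection details, the `users` table with its `username` and `password_hash` columns, and the function names are assumptions made for illustration.

```php
<?php
// Added example. Host, credentials, database and the `users` table are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4'); // real_escape_string() escapes for the connection charset

// Option 1: mysqli's escape function. Unlike mysql_real_escape_string(), it is
// tied to the connection: $db->real_escape_string($v), or in procedural style
// mysqli_real_escape_string($db, $v) with the link as the FIRST argument.
// The escaped value is only safe inside quotes in the SQL text.
function find_user_escaped(mysqli $db, string $username): ?array
{
    $safe = $db->real_escape_string($username);
    $result = $db->query(
        "SELECT id, password_hash FROM users WHERE username = '$safe'"
    );
    return $result->fetch_assoc() ?: null;
}

// Option 2: a prepared statement. The value is sent separately from the SQL
// text, so no escaping call is needed at all.
function find_user_prepared(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $row = $stmt->fetch() ? ['id' => $id, 'password_hash' => $hash] : null;
    $stmt->close();
    return $row;
}

// Login check: look the user up, then verify the password against its hash.
function login(mysqli $db, string $username, string $password): bool
{
    $user = find_user_prepared($db, $username);
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Constructed input: a name containing a quote, which breaks unescaped SQL.
$name = "O'Brien";
var_dump(find_user_escaped($db, $name) == find_user_prepared($db, $name));
var_dump(login($db, $name, 'example-password'));
```

The stored `password_hash` values are assumed to come from `password_hash()` at signup.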
  3. ketting00
    #3
    Thanks jestep,

    I'm looking for exactly what you suggested. Never imagined it was that simple.
     
    ketting00, May 18, 2011