1. 

   jooles Peon

   Messages:

   61

   Likes Received:

   1

   Best Answers:

   0

   Trophy Points:

   0

   #1

   Will mysql_real_escape_string() prevent all MySQL injection attacks? I'm being told this is true, but it doesn't seem like enough ...
   

    

   jooles, Sep 17, 2009 IP
   
2. 

   premiumscripts Peon

   Messages:

   1,062

   Likes Received:

   48

   Best Answers:

   0

   Trophy Points:

   0

   #2

   It should prevent most attacks, however there's still a way around it in specific cases. Read this:
   
   http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-Statements.html
   
   So, it's best that you use mysqli with prepared statements or PDO instead.

    

   premiumscripts, Sep 17, 2009 IP

• Log in with Facebook

Your name or email address:

Do you already have an account?

• No, create an account now.
• Yes, my password is:
• Forgot your password?

Stay logged in