SQL Injection Prevention: Is mysql_real_escape_string() really all I need?

Possible Duplicate:
Best Way to Stop SQL Injection in PHP

It seems too good to be true to me that this simple function does everything I need. However, most of my Google searches come up with results that basically say "just use this feature and you'll be fine!"

I've seen a couple that talk about parameterized SQL statements, but only briefly or at too high a level for my own novice mind to understand. Are they necessary, and if so, can someone point me to a good link?

+2




3 answers


Look at this question, great accepted answer: Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?



0




Alternative point of view: http://littlebobbytables.com/



Edit: wow, this is a completely wrong site: try this one: http://bobby-tables.com/

+1




That's all you need, unless you change the database character set, IIRC.

0


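As an added example (not from the question or any of the answers), here is what the two approaches discussed in this thread look like in PHP using the maintained mysqli and PDO extensions; the original mysql_* functions, including mysql_real_escape_string(), were removed in PHP 7. The host, credentials, table and column names are assumed.

```php
<?php
// Added example, not part of the original thread. Connection details are
// placeholders; the "authors" table and its columns are assumed.
$host = 'localhost'; $user = 'app'; $pass = 'secret'; $db = 'shop';

// User-controlled input, constructed for the example.
$userInput = "O'Reilly";

// --- Approach 1: escaping (the mysqli successor of mysql_real_escape_string) ---
$mysqli = new mysqli($host, $user, $pass, $db);
// The escape function only knows which bytes are special if it knows the
// connection's character set. Set it through the API, not with a raw
// "SET NAMES" query; this is the character-set caveat raised in the last answer.
$mysqli->set_charset('utf8mb4');
$safe = $mysqli->real_escape_string($userInput);
// The escaped value still has to be quoted in the SQL. Escaping alone does
// nothing for an unquoted context such as "WHERE id = $safe".
$result = $mysqli->query("SELECT id, name FROM authors WHERE name = '$safe'");
foreach ($result as $row) {
    echo $row['id'], ' ', $row['name'], PHP_EOL;
}

// --- Approach 2: parameterized (prepared) statements ---
$pdo = new PDO("mysql:host=$host;dbname=$db;charset=utf8mb4", $user, $pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    // Use real server-side prepared statements rather than client-side
    // interpolation, so the SQL text and the data never share one string.
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare('SELECT id, name FROM authors WHERE name = :name');
// The value is sent separately from the query; no quoting or escaping needed.
$stmt->execute([':name' => $userInput]);
foreach ($stmt as $row) {
    echo $row['id'], ' ', $row['name'], PHP_EOL;
}
```

Approach 2 is the one the "parameterized SQL statements" articles the asker mentions are recommending: it removes the need to get quoting and character-set handling right on every query.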

