darkfreaks Posted January 11, 2009 Share Posted January 11, 2009 okay i heard somewhere that MYSQLI functions are equipped to sanitize MYSQL injection is this true? or do i have to use something like mysqli_real_escape_string() or learn prepared MYSQLI statements ??? Link to comment https://forums.phpfreaks.com/topic/140415-solved-simple-mysqli-question/ Share on other sites More sharing options...
Rushyo Posted January 11, 2009 Share Posted January 11, 2009 mysqli_real_escape_string() will work for most purposes. Link to comment https://forums.phpfreaks.com/topic/140415-solved-simple-mysqli-question/#findComment-734886 Share on other sites More sharing options...
Mchl Posted January 11, 2009 Share Posted January 11, 2009 MySQLi enables you to use prepared statements, which are pretty good protection against many injection attacks (not all of them though, and it is not a 'wonderful solution that'll make your troubles go away') Link to comment https://forums.phpfreaks.com/topic/140415-solved-simple-mysqli-question/#findComment-734888 Share on other sites More sharing options...
darkfreaks Posted January 11, 2009 Author Share Posted January 11, 2009 thanx i will do some testing on those solutions see which one works the best Link to comment https://forums.phpfreaks.com/topic/140415-solved-simple-mysqli-question/#findComment-734890 Share on other sites More sharing options...
Mchl Posted January 11, 2009 Share Posted January 11, 2009 Combination of both probably. Link to comment https://forums.phpfreaks.com/topic/140415-solved-simple-mysqli-question/#findComment-734894 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.