9three (Posted April 16, 2009): I heard that MySQLi automatically sanitizes user input? Is it from prepared statements? Because I see that the option is still there for you to use mysqli_real_escape_string.
Mchl (Posted April 16, 2009): If you use prepared statements, you don't need mysqli_real_escape_string. If you use mysqli::query - you do.
9three (Posted April 16, 2009): Cool thanks.
Mchl (Posted April 16, 2009): I should note: this only applies if you use prepared statements correctly (i.e. using bound variables)
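The three cases discussed in the thread, side by side, as an added example that is not part of the original posts: a prepared statement with a bound variable, a prepared statement with the input concatenated into the SQL, and mysqli::query with mysqli_real_escape_string. The `users` table, its columns, the function names and the connection details are assumptions made for illustration.

```php
<?php
// Added example. Assumed schema: table `users` with columns `id` and `name`.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Collect the rows of an executed statement that selects (id, name).
function fetchRows(mysqli_stmt $stmt): array
{
    $stmt->bind_result($id, $name);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'name' => $name];
    }
    $stmt->close();
    return $rows;
}

// Prepared statement used correctly: the SQL text is fixed and the value is
// bound to the placeholder, so no escaping is needed.
function findBound(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return fetchRows($stmt);
}

// Prepared statement used incorrectly: nothing is bound, $name becomes part of
// the SQL text, and prepare() gives no protection (kept here as the "before").
function findMisused(mysqli $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = '$name'");
    $stmt->execute();
    return fetchRows($stmt);
}

// mysqli::query: the value is placed in the SQL string, so it has to be
// escaped with real_escape_string and wrapped in quotes.
function findEscaped(mysqli $db, string $name): array
{
    $safe = $db->real_escape_string($name);
    $result = $db->query("SELECT id, name FROM users WHERE name = '$safe'");
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}
// Usage (placeholder credentials; constructed input "O'Reilly"):
//   $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
//   $db->set_charset('utf8mb4'); // real_escape_string relies on the connection charset
//   findBound($db, "O'Reilly"); findEscaped($db, "O'Reilly"); // both match the row
//   findMisused($db, "O'Reilly"); // throws mysqli_sql_exception: the quote breaks the SQL
```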