Jump to content

Recommended Posts

When I was taking my class in PHP 4, we were always taught to escape all user input before using it in our queries like good little coders.  However, after upgrading to PHP 5 I noticed that it looks like PHP will automatically escape the user's input for you, so I guess my question is, do we still need to escape everything that we get from users, or can we trust PHP to do that for us now?
Link to comment
https://forums.phpfreaks.com/topic/15804-escaping-characters/
Share on other sites

I guess the thing I don't understand is that I have inputted illegal strings into the database through my PHP (i.e. "Jay's Input") and it is automatcally escaped when I check its value in the database.  I'm more wondering why it is doing it for me without me telling it to, not how I would do it manually.
Link to comment
https://forums.phpfreaks.com/topic/15804-escaping-characters/#findComment-64662
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.