apply mysql_real_escape_string()


orange08

Before a variable is used in an SQL command, I apply mysql_real_escape_string() to it to prevent SQL injection...

So, when I insert a new record into my database, I'm doing the same...

As far as I know, when data is saved into the database, MySQL will automatically remove the backslashes used as escape characters, so I would like to know: when I retrieve the variable from the database, is mysql_real_escape_string() still applied to it? If I want to save this retrieved data into the database again, do I need to apply mysql_real_escape_string() a second time?

So, as I understand it, mysql_real_escape_string "cleans" all strings sent to the database, so if it's already "cleaned" why would you do it a second time?

 

...I may be wrong though

I'm not purposely doing it twice...

I know that when I apply mysql_real_escape_string() to my data and save it into the database, it's clean... but as far as I know, the \ used by this function to clean the data won't be saved into the database together with the data...

In some cases, I need to retrieve the same data from the database again, and then I might use it in another SQL command...

As this data has had mysql_real_escape_string() applied to it before and has been saved to and retrieved from the database... so I just wonder whether I need to apply mysql_real_escape_string() to it again, as this time the data is not considered direct input from the user...
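
The behaviour asked about in this thread, as an added example that is not part of the original posts: escaping belongs to the text of one SQL statement, so a value read back from the database is the raw original and must be escaped again (or bound as a parameter) before it goes into another statement. Assumptions: PDO with in-memory SQLite stands in for MySQL, PDO::quote() stands in for mysql_real_escape_string(), and the tables and the sample value are constructed for illustration.

```php
<?php
// Added example. Assumptions: in-memory SQLite via PDO stands in for MySQL,
// PDO::quote() stands in for mysql_real_escape_string(); the table names and
// the value "O'Brien" are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT)');
$pdo->exec('CREATE TABLE audit (name TEXT)');

$input = "O'Brien"; // constructed user input containing a quote character

// 1. First use: escape the value for this statement. The escape characters
//    are part of the statement text only; the database stores the original.
$pdo->exec('INSERT INTO users (name) VALUES (' . $pdo->quote($input) . ')');

// 2. Read it back: the stored value is the original string, quote included.
$stored = $pdo->query('SELECT name FROM users')->fetchColumn();
echo 'stored value equals original input: ';
var_dump($stored === $input);

// 3. Reuse without escaping: the stored quote ends the string literal early,
//    so data that came from the database changes the statement's structure.
try {
    $pdo->exec("INSERT INTO audit (name) VALUES ('$stored')");
    echo "unescaped reuse: statement accepted\n";
} catch (PDOException $e) {
    echo "unescaped reuse: statement broken by the stored value\n";
}

// 4a. Reuse with escaping applied again, for the new statement.
$pdo->exec('INSERT INTO audit (name) VALUES (' . $pdo->quote($stored) . ')');

// 4b. Or bind the value as a parameter, so it never becomes SQL text.
$stmt = $pdo->prepare('INSERT INTO audit (name) VALUES (?)');
$stmt->execute([$stored]);

// Both safe inserts stored the original value unchanged.
$rows = $pdo->query('SELECT name FROM audit')->fetchAll(PDO::FETCH_COLUMN);
echo 'audit rows match original input: ';
var_dump($rows === [$input, $input]);
```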
