robert_gsfame Posted November 24, 2009 Share Posted November 24, 2009 i've just tried to use mysql_real_escape_string as it will give me some protection from sql_injection is mysql_real_escape_string used in all queries such as UPDATE, SELECT and DELETE or it is used only for SELECT query? thx Quote Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/ Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 You should use mysql_real_escape_string on all user input that goes into a query, regardless of the type of query. Quote Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964451 Share on other sites More sharing options...
robert_gsfame Posted November 24, 2009 Author Share Posted November 24, 2009 okay thx, so any input from users which means mysql_real_escape_string($_POST['blabla']); is it?? thx Quote Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964453 Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 Yea, that's one example of user input. Quote Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964455 Share on other sites More sharing options...
robert_gsfame Posted November 24, 2009 Author Share Posted November 24, 2009 thanks for your help AlexWD Quote Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964461 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.