robert_gsfame Posted November 24, 2009 Share Posted November 24, 2009 i've just tried to use mysql_real_escape_string as it will give me some protection from sql_injection is mysql_real_escape_string used in all queries such as UPDATE, SELECT and DELETE or it is used only for SELECT query? thx Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/ Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 You should use mysql_real_escape_string on all user input that goes into a query, regardless of the type of query. Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964451 Share on other sites More sharing options...
robert_gsfame Posted November 24, 2009 Author Share Posted November 24, 2009 okay thx, so any input from users which means mysql_real_escape_string($_POST['blabla']); is it?? thx Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964453 Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 Yea, that's one example of user input. Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964455 Share on other sites More sharing options...
robert_gsfame Posted November 24, 2009 Author Share Posted November 24, 2009 thanks for your help AlexWD Link to comment https://forums.phpfreaks.com/topic/182733-mysql_real_escape_string-simple-question/#findComment-964461 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.