Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Sign Up

Browse
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
- More
Activity
- All Activity
- Search
- More
Join our Discord!
More
- More

Applications

Is it safe to use this variable to insert in database ?

linux1880

By linux1880
May 31, 2010 in Applications

Start new topic

Recommended Posts

linux1880

Regular Member

linux1880

Posted May 31, 2010

- Share

Posted May 31, 2010

Hello guys is this safe to insert values in database ?

$sql="INSERT INTO table (field_1) values ('".$data['field_1']."')";

Link to comment

https://forums.phpfreaks.com/topic/203458-is-it-safe-to-use-this-variable-to-insert-in-database/

Share on other sites

ignace

Advanced Member

ignace

Posted May 31, 2010

- Share

Posted May 31, 2010

No. Always use mysql_real_escape_string It's not because it was not entered by the user that it can't be harmful, it can still break your query.

Link to comment

https://forums.phpfreaks.com/topic/203458-is-it-safe-to-use-this-variable-to-insert-in-database/#findComment-1065877

Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

×

Browse
- Back
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
Activity
- Back
- All Activity
- Search
Join our Discord!

×

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.