Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Sign Up

Browse
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
- More
Activity
- All Activity
- Search
- More
Join our Discord!
More
- More

PHP Coding Help

mysqli_stmt_bind_param like mysql_real_escape_string?

The Little Guy

By The Little Guy
June 20, 2012 in PHP Coding Help

Start new topic

Recommended Posts

The Little Guy

Prolific Member

The Little Guy

Posted June 20, 2012

- Share

Posted June 20, 2012

When using mysqli_stmt_bind_param (object or procedural), does this also act like mysql_real_escape_string? Does it prevent SQL Injection?

http://us.php.net/manual/en/mysqli-stmt.bind-param.php

It seems like I don't have to do anything else, but maybe I am wrong?

Link to comment

https://forums.phpfreaks.com/topic/264530-mysqli_stmt_bind_param-like-mysql_real_escape_string/

Share on other sites

scootstah

Member

scootstah

Posted June 20, 2012

- Share

Posted June 20, 2012

Yes, prepared statements prevent SQL injection when you bind parameters.

Link to comment

https://forums.phpfreaks.com/topic/264530-mysqli_stmt_bind_param-like-mysql_real_escape_string/#findComment-1355658

Share on other sites

The Little Guy

Prolific Member

The Little Guy

Posted June 20, 2012

Author

- Share

Posted June 20, 2012

Okay thanks, that is what I though!

Link to comment

https://forums.phpfreaks.com/topic/264530-mysqli_stmt_bind_param-like-mysql_real_escape_string/#findComment-1355663

Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

×

Browse
- Back
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
Activity
- Back
- All Activity
- Search
Join our Discord!

×

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.