The Little Guy
Posted June 20, 2012

When using mysqli_stmt_bind_param (object or procedural), does this also act like mysql_real_escape_string? Does it prevent SQL Injection?

http://us.php.net/manual/en/mysqli-stmt.bind-param.php

It seems like I don't have to do anything else, but maybe I am wrong?

scootstah
Posted June 20, 2012

Yes, prepared statements prevent SQL injection when you bind parameters.

The Little Guy (Author)
Posted June 20, 2012

Okay thanks, that is what I thought!
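
The behaviour scootstah describes, as an added example that is not code from the thread: a value passed through `bind_param` is matched as data, and because a placeholder can only stand for a value, a column name has to come from a fixed allow-list instead. The `DB_*` environment variables, the `demo_users` table and both input strings are assumptions constructed for illustration.

```php
<?php
// Added example; connection settings are assumptions read from hypothetical env vars.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
$db->set_charset('utf8mb4');

// Constructed sample data in a temporary table (dropped when the connection closes).
$db->query('CREATE TEMPORARY TABLE demo_users (id INT PRIMARY KEY, name VARCHAR(64))');
$db->query("INSERT INTO demo_users VALUES (1, 'alice'), (2, 'bob')");

// Constructed input containing SQL metacharacters.
$input = "nobody' OR '1'='1";

// 1) Bound value: the SQL text is fixed at prepare() time and the value is sent
//    separately, so the quotes in $input are compared as part of the name.
$stmt = $db->prepare('SELECT id, name FROM demo_users WHERE name = ?');
$stmt->bind_param('s', $input);          // 's' = string; the argument must be a variable
$stmt->execute();
$stmt->store_result();
printf("bound value matched %d row(s)\n", $stmt->num_rows);  // no user has that literal name
$stmt->close();

// 2) Identifiers cannot be bound. Map the requested sort key onto a fixed
//    allow-list and fall back to a default for anything else.
$allowed   = ['id' => 'id', 'name' => 'name'];
$requested = 'name; DROP TABLE demo_users';   // constructed input, not in the allow-list
$column    = $allowed[$requested] ?? 'id';

$minId = 0;
$stmt = $db->prepare("SELECT id, name FROM demo_users WHERE id > ? ORDER BY $column");
$stmt->bind_param('i', $minId);          // 'i' = integer
$stmt->execute();
$stmt->bind_result($id, $name);
while ($stmt->fetch()) {
    printf("%d %s\n", $id, $name);       // both rows, ordered by the fallback column id
}
$stmt->close();
$db->close();
```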