Pain Posted October 18, 2012

Hello. I have started using prepared mysqli statements such as this.

    $username = $_POST['username'];
    $password = $_POST['password'];
    $password_repeat = $_POST['password_repeat'];
    $email = $_POST['email'];

    if ($stmt = $mysqli->prepare("INSERT INTO ww3_users (username, password, password_repeat, email) VALUES (?, ?, ?, ?)")) {
        $stmt->bind_param('ssss', $username, $password, $password_repeat, $email);
        $stmt->execute();
        $stmt->close();
    }

The question is - do I have to escape strings? Thank you :)

Christian F. Posted October 18, 2012

Not when using Prepared Statements, no. They take care of the escaping automatically.

Pain Posted October 18, 2012

Thank you Christian

Christian F. Posted October 18, 2012

You're welcome, glad I could help.
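
Added example, not part of the thread: what the answer above means in practice, using PDO with an in-memory SQLite database instead of mysqli so it runs without a server. `addslashes()` stands in for manual escaping, and the table, columns and helper names are made up for the demo. It also shows that placeholders only cover values, so a column name has to be checked against an allow-list.

```php
<?php
// Added example, not the poster's code. Assumes the pdo_sqlite extension;
// table, column and function names are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');

// Values travel separately from the SQL text, so quotes in them are data.
function insert_user(PDO $db, string $username, string $email): int
{
    $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
    $stmt->execute([$username, $email]);
    return (int) $db->lastInsertId();
}

function stored_username(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT username FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// Placeholders cover values only. A column name cannot be bound, so it is
// checked against a fixed allow-list before it goes into the SQL text.
function find_by(PDO $db, string $column, string $value): array
{
    if (!in_array($column, ['username', 'email'], true)) {
        throw new InvalidArgumentException('column not allowed');
    }
    $stmt = $db->prepare("SELECT id FROM users WHERE $column = ?");
    $stmt->execute([$value]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$raw = "O'Brien"; // constructed sample input containing a quote

$plainId   = insert_user($db, $raw, 'a@example.test');
$escapedId = insert_user($db, addslashes($raw), 'b@example.test');

var_dump(stored_username($db, $plainId) === $raw);   // bound as-is
var_dump(stored_username($db, $escapedId) === $raw); // escaped first, then bound
var_dump(stored_username($db, $escapedId));          // what actually got stored
var_dump(find_by($db, 'username', $raw));            // lookup with the same raw value
```

Escaping a value before binding it stores the escape characters as part of the data, which is why the second row no longer matches the raw input.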