Pain Posted October 18, 2012 Share Posted October 18, 2012 Hello. I have started using prepared mysqli statements such as this. $username = $_POST['username']; $password = $_POST['password']; $password_repeat = $_POST['password_repeat']; $email = $_POST['email']; if ($stmt = $mysqli->prepare("INSERT INTO ww3_users (username, password, password_repeat, email) VALUES (?, ?, ?, ?)")) { $stmt->bind_param('ssss', $username, $password, $password_repeat, $email); $stmt->execute(); $stmt->close(); } The question is - do i have to escape strings? Thank you:) Quote Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/ Share on other sites More sharing options...
Christian F. Posted October 18, 2012 Share Posted October 18, 2012 Not when using Prepared Statements, no. They take care of the escaping automatically. Quote Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/#findComment-1386012 Share on other sites More sharing options...
Pain Posted October 18, 2012 Author Share Posted October 18, 2012 Thank you Christian Quote Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/#findComment-1386013 Share on other sites More sharing options...
Christian F. Posted October 18, 2012 Share Posted October 18, 2012 You're welcome, glad I could help. Quote Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/#findComment-1386034 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.