Pain Posted October 18, 2012 Share Posted October 18, 2012 Hello. I have started using prepared mysqli statements such as this. $username = $_POST['username']; $password = $_POST['password']; $password_repeat = $_POST['password_repeat']; $email = $_POST['email']; if ($stmt = $mysqli->prepare("INSERT INTO ww3_users (username, password, password_repeat, email) VALUES (?, ?, ?, ?)")) { $stmt->bind_param('ssss', $username, $password, $password_repeat, $email); $stmt->execute(); $stmt->close(); } The question is - do i have to escape strings? Thank you:) Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/ Share on other sites More sharing options...
Christian F. Posted October 18, 2012 Share Posted October 18, 2012 Not when using Prepared Statements, no. They take care of the escaping automatically. Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/#findComment-1386012 Share on other sites More sharing options...
Pain Posted October 18, 2012 Author Share Posted October 18, 2012 Thank you Christian Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/#findComment-1386013 Share on other sites More sharing options...
Christian F. Posted October 18, 2012 Share Posted October 18, 2012 You're welcome, glad I could help. Link to comment https://forums.phpfreaks.com/topic/269627-mysqli-escape-strings/#findComment-1386034 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.