ohdang888 Posted March 7, 2008 Share Posted March 7, 2008 ok... so i've put mysql_real_escape_string() on everything that enters my database, but should i also use it on the info that i drawn FROM the database? Link to comment https://forums.phpfreaks.com/topic/94961-one-more-injecction-question/ Share on other sites More sharing options...
Orio Posted March 7, 2008 Share Posted March 7, 2008 No, there's no risk in that. But be careful from things like XSS. Orio. Link to comment https://forums.phpfreaks.com/topic/94961-one-more-injecction-question/#findComment-486430 Share on other sites More sharing options...
Psycho Posted March 7, 2008 Share Posted March 7, 2008 This is what the manual states mysql_real_escape_string — Escapes special characters in a string for use in a SQL statement the key being for use in a SQL statement Link to comment https://forums.phpfreaks.com/topic/94961-one-more-injecction-question/#findComment-486431 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.