ohdang888 Posted March 7, 2008 Share Posted March 7, 2008 ok... so i've put mysql_real_escape_string() on everything that enters my database, but should i also use it on the info that i drawn FROM the database? Quote Link to comment https://forums.phpfreaks.com/topic/94961-one-more-injecction-question/ Share on other sites More sharing options...
Orio Posted March 7, 2008 Share Posted March 7, 2008 No, there's no risk in that. But be careful from things like XSS. Orio. Quote Link to comment https://forums.phpfreaks.com/topic/94961-one-more-injecction-question/#findComment-486430 Share on other sites More sharing options...
Psycho Posted March 7, 2008 Share Posted March 7, 2008 This is what the manual states mysql_real_escape_string — Escapes special characters in a string for use in a SQL statement the key being for use in a SQL statement Quote Link to comment https://forums.phpfreaks.com/topic/94961-one-more-injecction-question/#findComment-486431 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.