quiettech Posted March 30, 2008 Share Posted March 30, 2008 Hello everyone, this is my first post here. I'm starting with PHP, having a somewhat distant background with ASP 2.0. This question applies to PHP 5.2 and MySQL 5.0 I've been looking at my data sanitation options and have preferred so far, when possible, to always give preference to ereg() and eregi(). Other helpers have been is_numeric() and checkdate(). Only on those cases where text fields may have to accept "insecure" characters I resort to mysql_real_escape_string() - possibly after having made a pass through ereg or eregi on those cases where input must also be validated. Putting aside prepared statements and stored procedures for now, can I be confident that mysql_real_escape_string() is a safe mechanism that will not fall prey to weird encodings or special character representations? Link to comment https://forums.phpfreaks.com/topic/98609-data-sanitation-options/ Share on other sites More sharing options...
quiettech Posted March 31, 2008 Author Share Posted March 31, 2008 Sorry to bump this. I'll reiterate the question. Concerning SQL Injection, are there any security issues I still need to be aware when using mysql_real_escape_string()? Link to comment https://forums.phpfreaks.com/topic/98609-data-sanitation-options/#findComment-505524 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.