Page 1 of 1

Using mysql_real_escape_string()

Posted: Mon Jul 05, 2010 12:23 pm
by webphotogeek
Can someone tell me if I should be using the mysql_real_escape_string() function with the MySQL Input statement?

Thanks.

Re: Using mysql_real_escape_string()

Posted: Mon Jul 05, 2010 12:56 pm
by Weirdan
what is 'mysql input statement'?

Re: Using mysql_real_escape_string()

Posted: Mon Jul 05, 2010 3:02 pm
by webphotogeek
Sorry, I meant the Insert Into statement :lol:

Re: Using mysql_real_escape_string()

Posted: Mon Jul 05, 2010 5:53 pm
by Weirdan
Yes, you should, unless you use prepared statements (in which case you shouldn't use *escape() for bound variables).