PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
If you still use mysql, look at mysql_real_escape_string(). You should upgrade to prepared statements as Celauran suggests, or at least use mysqli functions when interacting with the database.
spacebiscuit wrote: Is the mysql_real_escape_string function sufficient to protect against SQL injection attempts?
I'm going to say no. The URL below gives a few things to look at when defending against injection attempts; it's not PHP-specific, but the ideas behind the examples can easily be applied in PHP as well: https://www.owasp.org/index.php/SQL_Inj ... heat_Sheet
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
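The question in this thread, as an added example that is not code from any poster here: escaping only neutralises quote characters, so it does nothing when the value lands in an unquoted numeric context, while a bound parameter is never parsed as SQL. Assumptions: an in-memory SQLite database through PDO stands in for MySQL so the script runs offline, `escape_string()` is a hypothetical stand-in for `mysql_real_escape_string()` (removed in PHP 7), and the table and input are constructed.

```php
<?php
// Added example: SQLite in memory replaces MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): like the real
// function, it only neutralises quote characters inside the value.
function escape_string(string $value): string
{
    return str_replace("'", "''", $value);
}

// Escaping only: the value is concatenated into an unquoted numeric context,
// so there is no quote to break out of and nothing for the escaper to change.
function find_escaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . escape_string($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the query text is fixed and the value is sent as data.
function find_prepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Allow-list validation as an extra layer: reject anything that is not an
// integer before it reaches the database at all.
function find_validated(PDO $pdo, string $id): array
{
    $clean = filter_var($id, FILTER_VALIDATE_INT);
    if ($clean === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return find_prepared($pdo, (string) $clean);
}

$input = '1 OR 1=1'; // constructed sample input, contains no quote characters

echo 'escaped:  ', json_encode(find_escaped($pdo, $input)), PHP_EOL;
echo 'prepared: ', json_encode(find_prepared($pdo, $input)), PHP_EOL;
echo 'lookup 1: ', json_encode(find_validated($pdo, '1')), PHP_EOL;
```

Comparing the first two output lines shows whether the condition in the input was evaluated as SQL or treated as a single value.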