Escaping
Posted: Wed Apr 21, 2004 1:58 pm
Hi all,
I have a question about escaping strings into queries. I didn't use any escaping and it works even when a user inputs data with " or '. When I echo the SQL query, it looks like it's already escaped.
So I wonder if I should use any of those escaping commands such as mysql_escape_string() or AddSlashes(), and which and why if yes.
Thx in advance,
MarK