SQL injection

Posted: Tue Nov 08, 2005 6:31 pm
by Luke
Well this relates to the ol' SQL injection topic. I am just wondering this...

If I wrap everything submitted from the user in the following, will this be pretty secure from injection?

Code:

strip_tags(mysql_real_escape_string($dirtydirtyinput))

Posted: Tue Nov 08, 2005 7:29 pm
by Burrito
Just the mysql_real_escape_string() should be sufficient.

Posted: Tue Nov 08, 2005 8:14 pm
by Nathaniel
and single quotes around your variable... mysql_query("... SET foo = '$escaped_string'");
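
The point about the single quotes, shown as an added example that is not part of the original thread: escaping leaves an input with no quote characters unchanged, so if it is placed in the statement without surrounding quotes it is still parsed as SQL. SQLite in memory (via PDO) stands in for MySQL so the script runs offline; escape_only(), the users table and the inputs are constructed for illustration, and the bound-parameter variant is an addition the thread does not mention.

```php
<?php
// Added example (not from the thread). SQLite in memory stands in for MySQL so the
// script runs offline; table, rows and inputs are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Hypothetical stand-in for mysql_real_escape_string(): escapes quote characters
// for this driver but, like the real function, adds no surrounding quotes.
function escape_only(PDO $pdo, string $s): string
{
    return substr($pdo->quote($s), 1, -1);
}

// Names returned by a query that was built as a string.
function run(PDO $pdo, string $sql): array
{
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

function lookup_unquoted(PDO $pdo, string $input): array
{
    // Escaped, but placed in the statement without quotes: still parsed as SQL.
    return run($pdo, "SELECT name FROM users WHERE id = " . escape_only($pdo, $input));
}

function lookup_quoted(PDO $pdo, string $input): array
{
    // Escaped and wrapped in single quotes: the input stays one string literal.
    return run($pdo, "SELECT name FROM users WHERE id = '" . escape_only($pdo, $input) . "'");
}

function lookup_prepared(PDO $pdo, string $input): array
{
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare("SELECT name FROM users WHERE id = ?");
    $stmt->execute([$input]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['2', '2 OR 1=1'] as $input) {   // constructed inputs
    printf("input %-10s unquoted=%d quoted=%d prepared=%d row(s)\n",
        "'$input'",
        count(lookup_unquoted($pdo, $input)),
        count(lookup_quoted($pdo, $input)),
        count(lookup_prepared($pdo, $input)));
}
```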