Use mysql_real_escape_string just for INSERT or...?
- JAB Creations
- DevNet Resident
- Posts: 2341
- Joined: Thu Jan 13, 2005 6:44 pm
- Location: Sarasota Florida
- Contact:
Use mysql_real_escape_string just for INSERT or...?
Should we use mysql_real_escape_string for all MySQL queries or just for INSERT queries?
Re: Use mysql_real_escape_string just for INSERT or...?
All queries. Escaping of data in SQL queries is done to handle cases where characters that have meaning in the SQL are used in the data. Failure to do so results in broken applications in general, and often insecure applications (SQL injection).
http://www.logris.org/security/escaping ... ty-measure
http://www.logris.org/security/the-unex ... -injection
- JAB Creations
Re: Use mysql_real_escape_string just for INSERT or...?
Nice... I also understand what you mean about $_SERVER. For example, I'm sure you could use a user agent to somehow pass an SQL injection attack or something along those lines. Thanks for the links.
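The point made in the answer and the follow-up above, as an added example that is not part of the original thread: data containing a quote breaks a SELECT just as it breaks an INSERT, and a request header is data like any other. Assumptions: an in-memory SQLite database through PDO stands in for MySQL so the script runs offline, `PDO::quote()` takes the place of `mysql_real_escape_string()`, and the `visits` table, the `try_query()` helper and both sample values are constructed for illustration. The last step goes one step further than the thread and shows a prepared statement, which keeps the data out of the SQL text entirely.

```php
<?php
// Added example: SQLite in memory stands in for MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (name TEXT, agent TEXT)');

// Constructed sample data: both values contain a single quote.
$name  = "O'Brien";
// Stands in for $_SERVER['HTTP_USER_AGENT'], which the client controls.
$agent = "ExampleBrowser/1.0 (Bob's build)";

// Hypothetical helper: runs one statement and reports what the database did.
function try_query(PDO $db, string $sql): string
{
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return 'ok, ' . count($rows) . ' row(s)';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// INSERT with both values escaped: the row is stored intact.
$insert = 'INSERT INTO visits VALUES ('
        . $db->quote($name) . ', ' . $db->quote($agent) . ')';
echo 'INSERT escaped:    ', try_query($db, $insert), "\n";

// SELECT without escaping: the quote in the data ends the literal early.
echo 'SELECT unescaped:  ',
     try_query($db, "SELECT * FROM visits WHERE name = '$name'"), "\n";

// SELECT with escaping: the same value is treated purely as data.
echo 'SELECT escaped:    ',
     try_query($db, 'SELECT * FROM visits WHERE name = ' . $db->quote($name)), "\n";

// The header value needs the same treatment as form input.
echo 'Header unescaped:  ',
     try_query($db, "SELECT * FROM visits WHERE agent = '$agent'"), "\n";
echo 'Header escaped:    ',
     try_query($db, 'SELECT * FROM visits WHERE agent = ' . $db->quote($agent)), "\n";

// Prepared statement: the value is bound, never spliced into the SQL string.
$stmt = $db->prepare('SELECT name FROM visits WHERE agent = ?');
$stmt->execute([$agent]);
echo 'Prepared lookup:   ', $stmt->fetchColumn(), "\n";
```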