Page 1 of 1

mysql_real_escape_string [ ANSWERED ]

Posted: Thu Dec 08, 2005 12:08 pm
by wtf
Is it sufficient to prevent sql injections?

Posted: Thu Dec 08, 2005 12:59 pm
by Nathaniel

Posted: Thu Dec 08, 2005 2:35 pm
by wtf
Thanks... that answered all my questions.

Posted: Thu Dec 08, 2005 3:18 pm
by AKA Panama Jack
Remember that's SINGLE quotes and not double quotes.

Actually you should use quotes around all data being inserted into any field, even if it is a float field. It makes things alot cleaner in the long run.