2

Possible Duplicate:
Best way to stop SQL Injection in PHP

It seems far too good to be true to me that this simple function does all I need. Yet most of my google searches lead to results that basically say "just use this function and all will be well!".

I've seen a couple that briefly, or at too high a level for my own beginner mind to quite grasp, talk about parameterized SQL statements. Are these necessary, and if so, can someone point me to a good link?

Community
  • 1
  • 1
Chris Sobolewski
  • 12,819
  • 12
  • 63
  • 96
  • 3
    Dupe? http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php Either way, a lot of good information in the answers to that question. – Mike B Oct 08 '09 at 02:38
  • 2
    And if the above is not the dupe then here's a whole bunch of them: http://stackoverflow.com/search?q=mysql_real_escape_string – ChssPly76 Oct 08 '09 at 02:39
  • @Chss I ran that search. I'm curious as to how many of the result's questions you read before concluding "that's alot this question shouldn't have been asked!" There is one question three quarters of the way down the first page that remotely address what I'm interested in... – Chris Sobolewski Oct 08 '09 at 02:43

1 Answers1

0

It will be all you need provided you don't change the character set of the database, IIRC.

alex
  • 479,566
  • 201
  • 878
  • 984