mysql escape string usage in database class

Asked Feb 05 '14 at 15:25

Active Feb 05 '14 at 15:25

Viewed 77 times

The project I am working on is using mysql not mysqli. The database class code where the " where query executes is"

if($this->whereCondition != "") {
    $this->sql .= " WHERE $this->whereCondition";
}

if($this->headers != "") {
    $this->sql .= "  $this->headers";
}

$this->whereCondition contains all the conditions of where statement. Can I use mysql escape string to the whole variable or should I escape individual condition values ??

asked Feb 05 '14 at 15:25

Anish Joseph

1,026
3
10
24

possible duplicate of [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – deceze Feb 05 '14 at 15:34
1

[The Great Escapism (Or: What You Need To Know To Work With Text Within Text)](http://kunststube.net/escapism/) – deceze Feb 05 '14 at 15:34
http://stackoverflow.com/a/12720360/476 – deceze Feb 05 '14 at 15:35
No, you can not apply escaping to complete statements. – deceze Feb 05 '14 at 15:35

mysql escape string usage in database class

0 Answers0