Want to clean string before using it in database

Question

I want to clean user input before using it in database. I'm using mysql_real_escape-string but it seems in some low versions of php its not working. I want to use stripshlases. Will it work for me ? What should i do ?

score 1 · Answer 1 · answered Feb 28 '14 at 00:42

1

Use prepared statements and mysql will take care of any database-specific escaping necessary. Beyond that, though, is a business logic problem.

answered Feb 28 '14 at 00:42

hd1

33,938
5
80
91

score 0 · Answer 2 · answered Feb 28 '14 at 00:45

0

mysql_real_escape_string has been deprecated for some time now. PHP.net has a page to help you find a replacement

stripslashes will not prevent SQL injection, and will also cause problems with potentially legitimate user input.

answered Feb 28 '14 at 00:45

Daniel

4,481
14
34

Want to clean string before using it in database

2 Answers2