what is the option for mysql_real_escape_string() function in newest version of php?

Question

I have used mysql_real_escape_string() function everywhere in the code but now it is depreciated. I want know what is greatest option for this function to protect sql injection and i am using object oriented database connectivity but do not want the function which need to call with database connection object.

Possible duplicate of [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — DevDonkey, Apr 07 '16 at 09:37
Use prepared statements (but not emulated prepares), `mysqli_real_escape_string()` is not reliable. It suffers from the same shortcomings as `mysql_real_escape_string()` does. — apokryfos, Apr 07 '16 at 10:49

score 0 · Accepted Answer · edited May 23 '17 at 12:16

0

mysqli_real_escape_string() if you are using the mysqli API.

Or take a good step forward and use prepared statements :) The URL commented by @DevDonkey is a great introduction to that.

edited May 23 '17 at 12:16

Community

1
1

answered Apr 07 '16 at 09:39

Egg

1,782
1
12
28

what is the option for mysql_real_escape_string() function in newest version of php?

1 Answers1