Is it okay to escape data only when getting from database?

Asked Sep 22 '16 at 17:45

Active Sep 22 '16 at 17:45

Viewed 27 times

Is it okay to escape data only when getting from database ? Or do i need also to escape input when sending it to database ?

A quick PHP question.

Thank you.

asked Sep 22 '16 at 17:45

Coze

2

You only escape when sending data to, meaning data in any type of query SELECT, INSERT, UPDATE. – AbraCadaver Sep 22 '16 at 17:48
possible duplicate of [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Funk Forty Niner Sep 22 '16 at 17:48

0 Answers0