Possible Duplicate:
Are mysql_real_escape_string() and mysql_escape_string() sufficient for app security?
So how do you protect against it now magic qoutes is deprecated.
is
mysql_real_escape_string();
enough?
Asked
Active
Viewed 184 times
2 Answers
1
good place to start http://en.wikibooks.org/wiki/PHP_Programming/SQL_Injection
bensiu
- 24,660
- 56
- 77
- 117
0
It appears thats all you would need:
This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
Daniel A. White
- 187,200
- 47
- 362
- 445