SQL Injection and mysql_real_escape_string
View Single Post
05-03-2008, 03:07 AM
Join Date: Sep 2007
Originally Posted by
Harking back to the topic at hand somewhat, please remember the name of the function being used to escape your input:
. Ok perhaps that came off a little strong but the point is there to be made that that function will only escape string values where expected input and output are strings; not integers, booleans or other types.
If that was directed at me, I would suggest reading my posts. Also, use mysql_real_escape_string, mysql_escape_string is depreciated since 4.3.0.
PHP: mysql_escape_string - Manual
View Public Profile
Send a private message to Village Idiot
Find More Posts by Village Idiot