10-17-2008, 05:52 PM   #1
Stealth
Sanitizing Strings for MySQL?

Could you use addslashes and mysql_real_escape_string together to sanitize user input?
Example:
Code:
<?php
// Escape and trim the submitted value, then run the INSERT.
$q = addslashes(trim(mysql_real_escape_string($_POST['input'])));
$insert = mysql_query("INSERT INTO table1 (input) VALUES ('$q')") or die(mysql_error());
?>
Would it clean up the string to protect against SQL Injections?

Thanks.
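The question above, as an added example that is not part of the original post: escaping twice stores extra backslashes in the row, while a bound parameter stores the input unchanged. Assumptions: `escape_once` and `server_decodes` are hypothetical helpers that model mysql_real_escape_string and the server's literal parsing for quotes and backslashes only, and PDO with an in-memory SQLite database stands in for a MySQL connection so the script runs offline.

```php
<?php
// Constructed sample input containing a quote and a backslash.
$input = "  O'Reilly \\ Sons  ";

// Hypothetical stand-in for mysql_real_escape_string(), which was removed in
// PHP 7 and needs a live connection. For the quote and backslash in this
// sample it produces the same output as addslashes().
function escape_once(string $s): string {
    return addslashes($s);
}

// Hypothetical, simplified model of how MySQL reads a quoted literal under the
// default sql_mode: a backslash followed by a character collapses to that
// character. Only quotes and backslashes are modelled here.
function server_decodes(string $literalBody): string {
    return preg_replace('/\\\\(.)/s', '$1', $literalBody);
}

// The post's approach: escape, trim, then escape again.
$double       = addslashes(trim(escape_once($input)));
$storedDouble = server_decodes($double);

// A single escape round-trips to the original text.
$single       = escape_once(trim($input));
$storedSingle = server_decodes($single);

// Bound parameter: the value never becomes part of the SQL text, so no
// escaping function is involved at all. table1/input are the post's names.
$pdo = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is installed
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1 (input TEXT)');
$stmt = $pdo->prepare('INSERT INTO table1 (input) VALUES (:input)');
$stmt->execute([':input' => trim($input)]);
$storedBound = $pdo->query('SELECT input FROM table1')->fetchColumn();

$want = trim($input);
printf("submitted          : %s\n", $want);
printf("double-escaped SQL : '%s'\n", $double);
printf("stored (double)    : %s  [%s]\n", $storedDouble, $storedDouble === $want ? 'intact' : 'corrupted');
printf("stored (single)    : %s  [%s]\n", $storedSingle, $storedSingle === $want ? 'intact' : 'corrupted');
printf("stored (bound)     : %s  [%s]\n", $storedBound, $storedBound === $want ? 'intact' : 'corrupted');
```

With the PDO MySQL driver the same `prepare`/`execute` calls apply; only the DSN passed to `new PDO(...)` changes.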