Does mysql_escape_string() make SQL injection impossible?
My question is not about needing help with code, but I am just wondering
if mysql_escape_string() makes SQL-injection impossible.
I see a lot of people using this function for SQL security. If I use
mysql_escape_string(), will I still need to use queries using parameters
or not?
Also could you please tell me a good way to use this function or would
mysql_escape_string($string) be enough?
If mysql_escape_string() isn't a good practice, could you please explain
to me how to use parameters in a query string so I can understand it? I
know how to use parameters and stuff in VB.NET, but I'm lost when it comes
to using parameters in PHP and MySQL.
Thanks in advance :).
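
What parameters look like in PHP, as an added example that is not part of the original post: the SQL text is prepared with placeholders and the input is bound separately, so quote characters in the input stay data. It assumes PDO with an in-memory SQLite database so it runs without a server; the table, rows and function names are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumption: in-memory SQLite via PDO so it runs without a server. For MySQL
// change only the DSN: new PDO('mysql:host=HOST;dbname=DB;charset=utf8mb4', USER, PASS)
// and set PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    // Constructed sample rows.
    $ins = $pdo->prepare('INSERT INTO users (name, role) VALUES (:name, :role)');
    foreach ([['alice', 'admin'], ["O'Brien", 'user'], ['carol', 'user']] as [$n, $r]) {
        $ins->execute([':name' => $n, ':role' => $r]);
    }
    return $pdo;
}

// String parameter: the SQL text is fixed and the value travels separately.
function find_by_name(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric parameter: validated, then bound with an explicit integer type. This is
// the unquoted context where escaping a string gives no protection.
function find_by_id(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];                      // reject non-integer input outright
    }
    $stmt = $pdo->prepare('SELECT id, name, role FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_db();
// Constructed inputs: a legitimate name with a quote, and quote-bearing text
// that would change the query if it were concatenated into the SQL string.
foreach (["O'Brien", "x' OR '1'='1"] as $input) {
    printf("%-15s -> %d row(s)\n", $input, count(find_by_name($pdo, $input)));
}
printf("%-15s -> %d row(s)\n", 'id 1', count(find_by_id($pdo, '1')));
printf("%-15s -> %d row(s)\n", 'id "1 OR 1=1"', count(find_by_id($pdo, '1 OR 1=1')));
```

The name containing an apostrophe matches its one row, while the other two constructed inputs match nothing because they are compared as literal values rather than parsed as SQL.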