lasan lasan - 9 months ago 66
PHP Question

Is mysqli_real_escape_string() enough to prevent SQL injection?

Im using

mysqli_real_escape_string()
for all database connections in my website. is this enough to prevent SQL injection ? is there any other precautions ?

Answer

mysqli_real_escape_string does absolutely nothing to combat XSS attacks. It combats SQL injection.