lasan lasan - 2 years ago 117
PHP Question

Is mysqli_real_escape_string() enough to prevent SQL injection?

Im using

for all database connections in my website. is this enough to prevent SQL injection ? is there any other precautions ?

Answer Source

mysqli_real_escape_string does absolutely nothing to combat XSS attacks. It combats SQL injection.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download