lasan lasan - 1 year ago 84
PHP Question

Is mysqli_real_escape_string() enough to prevent SQL injection?

Im using

for all database connections in my website. is this enough to prevent SQL injection ? is there any other precautions ?


mysqli_real_escape_string does absolutely nothing to combat XSS attacks. It combats SQL injection.