lasan lasan - 1 year ago 97
PHP Question

Is mysqli_real_escape_string() enough to prevent SQL injection?

Im using

for all database connections in my website. is this enough to prevent SQL injection ? is there any other precautions ?

Answer Source

mysqli_real_escape_string does absolutely nothing to combat XSS attacks. It combats SQL injection.