lasan lasan - 6 months ago 35
PHP Question

Is mysqli_real_escape_string() enough to prevent SQL injection?

Im using

mysqli_real_escape_string()
for all database connections in my website. is this enough to prevent SQL injection ? is there any other precautions ?

Answer

mysqli_real_escape_string does absolutely nothing to combat XSS attacks. It combats SQL injection.

Comments