Closed dokinoki closed 7 years ago
"mysql_real_escape_string" is deprecated, but we use "mysqli_real_escape_string" here. With prepared statements, php will automatic escaping strings, but you can also use the escape_string function from mysqli -> http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
Use prepared statements
mysql_real_escape_string is not a way of preventing SQL injection.