List: General Discussion
From: Dotan Cohen
Date: November 6 2006 11:11pm
Subject: Preventing SQL injection
I'm creating a forum in php where users are able to store comments in
a text field (think blog comments). To prevent SQL injection, I'm
using the php function mysql_real_escape_string() on data going into
the text field. Is this really enough to be safe, or should I be doing

Thanks in advance.

Dotan Cohen