Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
05-24-2013, 11:49 AM #1
- Join Date
- Feb 2007
- Thanked 1 Time in 1 Post
mysql_real_escape and/or strip_tags ?
Let's say I want to write content from a form (textarea in this case) to a database.
I'm allready using mysql_real_escape_string to prevent some hacking. Is it necessary to use strip_tags(trim()) as well on the textarea?
I'm not sure if they do the same.
05-24-2013, 12:27 PM #2
- Join Date
- Feb 2011
- Your Monitor
- Thanked 527 Times in 514 Posts
- Blog Entries
mysql_real_escape_string() will put a \ before all characters that could be dangerous / end & restart a SQL statement.
Both can be used for security however they serve entirely different purposes.
You would use mysql_real_escape_string() to protect your sql statement so that an attacker can't inject their own commands into your sql statement.
See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/
Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!
Users who have thanked tangoforce for this post: