Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

mysqli_real_escape_string AND prepared statements?

Tags:

php

prepared-statement

mysqli

Should be a simple enough question:

If I am using mysqli prepared statements, do I still need to use mysqli_real_escape_string() as well?

Is this necessary, or a good idea?

Thanks, Nico

like image 382
Nico Burns Avatar asked Jul 22 '09 01:07

Nico Burns

1 Answers

No. If you use prepared statements, escaping is done for you.

like image 131
John Ledbetter Avatar answered Nov 15 '22 14:11

John Ledbetter
Sign in to Comment

Related questions

Laravel query builder parameter binding
PHP remove specific item from array [duplicate]
Difference between FastCgiExternalServer and FastCgiServer in Apache FastCGI PHP?
Getting unknown property Exception in yii2
Does PHP always support passing more arguments than the method expected?
Display image from laravel controller
json_encode adding lots of decimal digits
Generate CSV, download to local machine and save to the server at the same time
AOP in plain PHP that doesn't require any PECL-extentions (Go!) - How?
Laravel - Get records from one table that doesn't exist in another with a where clause attached
How to downgrade php7 to php5.6 in mac high sierra
composer asking oauth token for download public repo
Caching web routes with forced url in laravel
How to use Symfony Messenger component in standalone code to send AMQP messages
SQLite/PHP read-only?
Embedded Web Server in .NET
How evil is $_REQUEST and what are some acceptable Band-Aid countermeasures?
error clause for file_put_contents
/var/www/ folder structure for PHP project
Wrap Text in P tag

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!