takn25 Posted March 21, 2011 Share Posted March 21, 2011 Hi, I have a site where users can register etc. I was wondering should I use mysql_real_escape_string() for the elements on my registration form example email, name and so on or is it no necessary? One more question could some one tell is this the proper way to use it before inserting into the database. $name=$_POST['name']; mysql_real_escape_string($name) ? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted March 21, 2011 Share Posted March 21, 2011 You should always validate all user input. At the very least use the mysql_real_escape_string() on any user inputs that are strings and that will be used in a mysql query. Ken Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.