mysql and escape character and injections

         

Pico_Train

1:17 pm on May 20, 2008 (gmt 0)

10+ Year Member



Hi There!

Say I have a form that posts data for insertion to a DB and the one post is $_POST['name'].

So I go and type my name as example's in the form and click submit.

When I echo the MySQL statement it gets inserted example\'s

Does this mean it is MySQL injection safe or do I need to do more?

Thanks!

[edited by: Pico_Train at 1:18 pm (utc) on May 20, 2008]

wheelie34

10:36 am on May 21, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



From what I understand, MySQL adds slashes before inserting. I don't think it has anything to do with avoiding injections. Try keeping your insert pages behind an .htaccess area or a secure login area; that way only you or the user can add data.

rocknbil

4:23 pm on May 21, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A Wiki that might be helpful [en.wikipedia.org].
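
For the question that opens this thread, an added example (not code from any poster): a PDO prepared statement binds the name as data, so `example's` is stored verbatim without any escaping, while a value that already carries added slashes is stored with the backslash in it. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs without a server, and the `people` table and the function names are hypothetical.

```php
<?php
// Added example, not from the thread. Assumptions: PDO with in-memory SQLite
// stands in for MySQL; table `people` and all function names are hypothetical.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
    return $pdo;
}

// The value travels separately from the SQL text, so no escaping is needed
// and nothing in $name can change the structure of the statement.
function insert_name(PDO $pdo, string $name): int {
    $stmt = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function fetch_name(PDO $pdo, int $id): string {
    $stmt = $pdo->prepare('SELECT name FROM people WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$pdo = open_db();

// Constructed sample input standing in for $_POST['name'].
$raw = "example's";

// The same value with slashes already added before the script uses it;
// addslashes() reproduces the example\'s form shown in the question.
$slashed = addslashes($raw);

$idRaw     = insert_name($pdo, $raw);
$idSlashed = insert_name($pdo, $slashed);
// Undo the added slashes first, then bind: the stored value is clean again.
$idFixed   = insert_name($pdo, stripslashes($slashed));

printf("bound raw value      -> %s\n", fetch_name($pdo, $idRaw));
printf("bound slashed value  -> %s\n", fetch_name($pdo, $idSlashed));
printf("stripslashes + bound -> %s\n", fetch_name($pdo, $idFixed));
```

The second row shows the practical cost of mixing the two approaches: binding a value that was already slash-escaped stores the backslash as part of the name.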