WebmasterWorld

Forum Moderators: coopster & jatar k


Php Html Form Sanitize

     
11:22 am on May 8, 2017 (gmt 0)

Junior Member from ZA 

10+ Year Member

joined:Sept 19, 2008
posts: 53
votes: 0


mysqli_real_escape_string();
vs
filter_var();
vs
Prepared Statements

Which one is more secure?
11:42 am on May 8, 2017 (gmt 0)

Full Member

5+ Year Member

joined:Aug 16, 2010
posts:257
votes: 21


I check all my input with filter functions like filter_var or my own functions, regardless of whether it ends up stored in a database. There are more hacks or bugs possible than SQL injection.

For MySQL I use the mysqli functions with prepared statements. I think prepared statements and real_escape are both secure as long as you use them correctly. But it is easy to forget the escape function, so I just learned to always use prepared statements.
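The combination described in the reply above (validate form input with filter_var, then query through a mysqli prepared statement), as an added example that is not code from either poster. The connection credentials, the `users` table, and the helper names `clean_email` and `find_user` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: a reachable MySQL
// server, the placeholder credentials below, and a constructed `users` table.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Validate a form field as an e-mail address; returns null when invalid. */
function clean_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Look up a user by e-mail with a bound parameter (no string concatenation). */
function find_user(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = ?');
    $stmt->bind_param('s', $email); // the value travels separately from the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4');
$db->query('CREATE TEMPORARY TABLE users (id INT AUTO_INCREMENT PRIMARY KEY, email VARCHAR(254) NOT NULL)');
$db->query("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

// Constructed inputs standing in for $_POST['email'].
$inputs = ['alice@example.com', '  bob@example.com ', "o'brien@example.com", "x' OR '1'='1", 'not-an-email'];

foreach ($inputs as $raw) {
    $email = clean_email($raw);
    if ($email === null) {
        printf("%-24s rejected by filter_var\n", json_encode($raw));
        continue;
    }
    // Validated input can still contain a quote; the bound parameter handles it.
    $row = find_user($db, $email);
    printf("%-24s %s\n", json_encode($raw), $row ? "found id {$row['id']}" : 'no match');
}
```

`o'brien@example.com` passes FILTER_VALIDATE_EMAIL yet contains a quote character, so validation checks that the value has the expected shape while the bound parameter is what keeps it from being parsed as SQL.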