Saturday 11 November 2017

mysql - mysql_real_escape_string in php, where to use it?

I just learned about the importance of mysql_real_escape_string to avoid MySQL injections. So I used this in my registration form in PHP. This is what I got:



$password_string = mysql_real_escape_string($_POST['PASSWORD']);
$username = mysql_real_escape_string($_POST['USERNAME']);

$fname = mysql_real_escape_string($_POST['FNAME']);
$mname = mysql_real_escape_string($_POST['MNAME']);
$lname = mysql_real_escape_string($_POST['LNAME']);


Question:
Do I also need to use mysql_real_escape_string on forms that only verify entries in the database? Or is it only useful if you are inserting data into the database? I asked this because I also have a verification form wherein users will input data to see if those records exist in the database. Do I still need mysql_real_escape_string for security?



Thanks!
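The verification form asked about above, as an added example that is not part of the original post: a read-only "does this record exist?" lookup built by string concatenation reports a match for a name that is not in the table, while the same lookup with a bound placeholder does not. It uses PDO prepared statements in place of mysql_real_escape_string (the mysql_* extension was removed in PHP 7.0). The table, the input value, the function names and the in-memory SQLite database standing in for MySQL are all assumptions made for the illustration.

```php
<?php
// Added example: constructed schema and input, SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (username TEXT, lname TEXT)");
$pdo->exec("INSERT INTO users (username, lname) VALUES ('alice', 'Smith')");

// Constructed value typed into the verification form (no such user exists).
$input = "nobody' OR '1'='1";

// Before: the form value becomes part of the SQL text, even though the
// query only reads. The WHERE clause is rewritten by the input.
function existsConcatenated(PDO $pdo, string $username): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$username'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// After: the SQL text is fixed and the value is bound as data, so quotes
// in the input are compared literally against the username column.
function existsPrepared(PDO $pdo, string $username): bool
{
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn() > 0;
}

// Same input through both lookups, then a real user through the safe one.
var_dump(existsConcatenated($pdo, $input));
var_dump(existsPrepared($pdo, $input));
var_dump(existsPrepared($pdo, 'alice'));
```

The same rule applies to every statement type: any value that reaches the SQL text from a request needs to be bound or escaped, whether the query is an INSERT or a SELECT.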
