mysql - PHP conversion against injection for numerical parameters -


i know ultimate way use mysqli_real_escape_string function. pretty long , numerical values use $value + 0 statement. secure enough?

yes is. don't forget use "real" new version of mysqli_escape_string ;)

btw, should use prepared statement mysqli:

you can read more on: http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

this avoid using mysqli_real_escape_string


Comments

Popular posts from this blog

php - regexp cyrillic filename not matches -

c# - OpenXML hanging while writing elements -

sql - Select Query has unexpected multiple records (MS Access) -