Got a form that takes in data to enter in to a database. I want to
make it as secure and as invulnerable to sql injection and other
attacks as possible. I'm wondering if mysqli_real_escape_string or
stripslashes should be used or if the former does the latter. For
example, I have a name variable:

$name = mysqli_real_escape_string($DatabaseLink, trim($_POST['name']));

or should I do:

$name = stripslashes(mysqli_real_escape_string($dbc, trim($_POST['name'])));


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to