by krapp
4762 days ago
Currently, the use of PDO is preferred and anything involving the mysql libraries should be avoided, and support for them is being deprecated in PHP anyway. I found this interesting, though, regarding specifically SQL injection when mysql_real_escape_string is used: http://stackoverflow.com/questions/5741187/sql-injection-tha... Basically, the argument appears to boil down to mixed character sets causing escaping not to act as predicted. I can't speak to the validity of it, though.