Linked Questions

7 votes
1 answer
5k views

OK, I have one question before I start coding MySQL in my school project. Is mysql_real_escape_string really safe to use? I've heard that it's still not really safe to use. So are there any tweaks ...
Sidd P • 83
10 votes
1 answer
3k views

First of all, I get that people want to use stored procedures so that they reuse queries and have the escaping taken care of. However, I have read many developers say that mysqli_real_escape_string ...
texelate • 2,548
1 vote
1 answer
2k views

So I know that using prepared statements with placeholders is pretty much the only way to protect yourself from SQL injection due to poor formatting of your queries. However, I also see many people ...
William F
3 votes
0 answers
2k views

This is such an often discussed issue, I know, but I've recently found this vulnerability and I'm testing whether I'm resistant to such an injection, however I'm not able to simulate that behavior. ...
chyno • 392
0 votes
0 answers
2k views

I have the following php script to insert a form user input data into the database. Is mysqli_real_escape_string enough to prevent SQL injection if I don't wish to use prepared statements to bind ...
Kayden • 133
-2 votes
2 answers
450 views

In my php scripts ALL input are "filtered" with mysqli_real_escape_string in this way: $categoryid = mysqli_real_escape_string($link, $_GET['id']); $query = "SELECT categories.id AS cid, categories....
xRobot • 26.7k
5 votes
0 answers
262 views

This was marked as a duplicate, but I don't think that is a fair judgement. Again the question is being passed off with an easy answer... but it isn't the correct answer. If the "duplicate" answer is ...
Not a discord mod
-3 votes
2 answers
468 views

I was trying to look for mitigation of SQL Injection against my web application based on PHP and MySQL. The first rule is to sanitize the query; Hence I am using mysql_real_escape_string() function ...
user8877134
-1 votes
2 answers
153 views

I'm not familiar with sql injection and I wanna know if there is any invulnerability in my script, if there is please point it out and give me some tip to fix it. <?php include("config.php"); ?>...
Yanir • 11
0 votes
0 answers
72 views

I created this simple function and want to know that if it is enough for preventing SQL Injection. $sub_username = encr(mysqli_real_escape_string($conn, $_POST['username'])); $sub_password = encr(...
ahmedg • 309
0 votes
0 answers
33 views

I have a server on the Internet running PHP 7.4.33 with WordPress includes to show the correct interface and a test server on Win10 using XAMPP running PHP 7.4.27 without any WordPress includes. I put ...
user3161924 • 2,547
0 votes
0 answers
36 views

Imagine the following situation: I know (I can see) in the code that before querying the DB using an input field parameter, there is a function which escapes all chars. Pseudo code: escape_all_chars(...
Georgi Georgiev
0 votes
0 answers
23 views

I'm working on my bachelor thesis about security of sql databases. I was using sqlmap to check vulnerable sql queries. Is there up to date sql injection that can bypass escaping string done with ...
Marek Sabol
2769 votes
27 answers
2.2m views

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; ...
1292 votes
39 answers
286k views

What is this? This is a number of answers about warnings, errors, and notices you might encounter while programming PHP and have no clue how to fix them. This is also a Community Wiki, so everyone is ...
