Escape function and Bindings are safe now?

I read some old posts about the escape function and I am not sure if it uses addslashes or mysqli_real_escape_string.

Also wanted to know if Escape Bindings work with mysqli_real_escape_string too.

I found this in mysql_driver; I'm not sure if escape uses this function:

function escape_str($str)
{
    // Prefer the connection-aware escaper when a mysqli connection object exists
    if (function_exists('mysqli_real_escape_string') AND is_object($this->conn_id)) {
        return mysqli_real_escape_string($this->conn_id, $str);
    } elseif (function_exists('mysql_escape_string')) {
        return mysql_escape_string($str);
    }
    // Last-resort fallback
    return addslashes($str);
}

There should be no issues with these.

$query  = $this->db->query("SELECT col1, col2 FROM tablename WHERE id = ?", $id);

Thorpe Obazee
I believe they are safe. Sometimes I echo my queries and they 'look' safe to me... :|
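
How a `?` binding reaches escape_str(), as an added sketch that is not part of the thread and not CodeIgniter's own code. It assumes bindings are compiled client-side by replacing each placeholder with an escaped value; `BindSketch` and its method names are hypothetical, and the inputs are constructed.

```php
<?php
// Added sketch, not CodeIgniter's source; class and method names are hypothetical.
class BindSketch
{
    private $conn; // mysqli object, or null when there is no connection

    public function __construct($conn = null) { $this->conn = $conn; }

    // Fallback order of the escape_str() quoted in the thread, without the
    // mysql_escape_string() branch (that function no longer exists in PHP 7+).
    public function escapeStr($str)
    {
        if (function_exists('mysqli_real_escape_string') && is_object($this->conn)) {
            return mysqli_real_escape_string($this->conn, $str); // charset-aware
        }
        return addslashes($str); // not charset-aware
    }

    // Only strings are quoted and escaped; other scalars are rendered by type.
    public function escape($value)
    {
        if (is_string($value)) { return "'" . $this->escapeStr($value) . "'"; }
        if (is_bool($value))   { return $value ? '1' : '0'; }
        if ($value === null)   { return 'NULL'; }
        if (is_int($value) || is_float($value)) { return (string) $value; }
        throw new InvalidArgumentException('Unsupported bind type');
    }

    // Replace each ? with the escaped bind, left to right.
    public function compileBinds($sql, $binds)
    {
        $binds = is_array($binds) ? array_values($binds) : array($binds);
        $parts = explode('?', $sql);
        if (count($parts) - 1 !== count($binds)) {
            throw new InvalidArgumentException('Placeholder/bind count mismatch');
        }
        $out = array_shift($parts);
        foreach ($parts as $i => $part) {
            $out .= $this->escape($binds[$i]) . $part;
        }
        return $out;
    }
}

// Constructed inputs; no connection is passed, so the addslashes() fallback runs.
$db  = new BindSketch();
$sql = "SELECT col1, col2 FROM tablename WHERE id = ?";
echo $db->compileBinds($sql, "O'Brien"), "\n";
echo $db->compileBinds($sql, 42), "\n";
```

Passing a connected mysqli object to the constructor exercises the mysqli_real_escape_string() branch instead of the fallback.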
