Escape function and Bindings are safe now?

#1
[eluser]gurthgor[/eluser]
I read some old posts about the escape function and I am not sure if it uses addslashes or mysqli_real_escape_string.

Also wanted to know if Escape Bindings work with mysqli_real_escape_string too.

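I found this in mysql_driver, not sure if escape uses this function.

function escape_str($str)
{
    // Preferred: escaping through the live connection, which knows its charset
    if (function_exists('mysqli_real_escape_string') AND is_object($this->conn_id))
    {
        return mysqli_real_escape_string($this->conn_id, $str);
    }
    // Fallback: legacy escaping that takes no connection and ignores the charset
    elseif (function_exists('mysql_escape_string'))
    {
        return mysql_escape_string($str);
    }
    // Last resort: plain addslashes()
    else
    {
        return addslashes($str);
    }
}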

#2
[eluser]drewbee[/eluser]
There should be no issues with these.

Code:
$query  = $this->db->query("SELECT col1, col2 FROM tablename WHERE id = ?", $id);

#3
[eluser]Thorpe Obazee[/eluser]
I believe they are safe. Sometimes I echo my queries and they 'look' safe to me... :|
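
On the bindings question in post #1: the following added example (not from the thread, and not CodeIgniter's own code) assumes `?` bindings are compiled in PHP by substituting escaped values, so a bound string is only as safe as the escaper behind it. `quote_value`, `compile_binds`, `$stand_in` and the `name` column are hypothetical names.

```php
<?php
// Added example, not CodeIgniter source. Assumption: '?' bindings are compiled
// in PHP by substituting escaped values, so they inherit the escaper's safety.

// Quote one bound value by PHP type, using the supplied string escaper.
function quote_value($value, callable $escape_str)
{
    if (is_string($value)) {
        return "'" . $escape_str($value) . "'";
    }
    if (is_bool($value)) {
        return $value ? '1' : '0';
    }
    if ($value === null) {
        return 'NULL';
    }
    if (is_int($value)) {
        return (string) $value;
    }
    throw new InvalidArgumentException('Unsupported bind type: ' . gettype($value));
}

// Replace each '?' marker with the corresponding quoted value.
function compile_binds($sql, $binds, callable $escape_str)
{
    $binds    = is_array($binds) ? array_values($binds) : array($binds);
    $segments = explode('?', $sql);
    if (count($binds) !== count($segments) - 1) {
        throw new InvalidArgumentException('Marker/bind count mismatch');
    }
    $out = $segments[0];
    foreach ($binds as $i => $bind) {
        $out .= quote_value($bind, $escape_str) . $segments[$i + 1];
    }
    return $out;
}

// Constructed stand-in so this runs without a database. It escapes the same
// bytes as mysqli_real_escape_string() but ignores the connection charset.
$stand_in = function ($s) {
    return strtr($s, array("\\" => "\\\\", "\0" => "\\0", "\n" => "\\n",
        "\r" => "\\r", "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z"));
};

// Constructed input; the `name` column is hypothetical.
$sql = "SELECT col1, col2 FROM tablename WHERE id = ? AND name = ?";
echo compile_binds($sql, array(42, "O'Brien"), $stand_in), "\n";
```

With a live connection, pass a closure that calls `mysqli_real_escape_string($conn, $s)` in place of the stand-in.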

