Escape function and Bindings are safe now?
#1

[eluser]gurthgor[/eluser]
I read some old posts about the escape function and I am not sure if it uses addslashes or mysqli_real_escape_string.

Also wanted to know if Escape Bindings work with mysqli_real_escape_string too.

I found this in mysql_driver, not sure if escape uses this function:

function escape_str($str)
{
    // Preferred: connection-aware escaping when a mysqli connection object exists
    if (function_exists('mysqli_real_escape_string') AND is_object($this->conn_id))
    {
        return mysqli_real_escape_string($this->conn_id, $str);
    }
    // Fallback: legacy escaping that does not take a connection
    elseif (function_exists('mysql_escape_string'))
    {
        return mysql_escape_string($str);
    }
    // Last resort: plain addslashes()
    else
    {
        return addslashes($str);
    }
}
#2

[eluser]drewbee[/eluser]
There should be no issues with these.

Code:
$query  = $this->db->query("SELECT col1, col2 FROM tablename WHERE id = ?", $id);
#3

[eluser]Thorpe Obazee[/eluser]
I believe they are safe. Sometimes I echo my queries and they 'look' safe to me... :|
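
An illustration of what the thread is asking about, added here and not part of any post or of CodeIgniter's own code: a simplified `?` bind compiler that sends each bound value through an escaper and quotes it by type, so the compiled query can be echoed and inspected. The function names and sample inputs are assumptions made for the example, and `addslashes` is used only as an offline stand-in for the connection-aware `mysqli_real_escape_string` branch.

```php
<?php
// Added illustration, not CodeIgniter source. compile_binds_demo() and
// quote_value_demo() are hypothetical names; $escape stands in for escape_str().

function quote_value_demo($value, callable $escape)
{
    if (is_string($value)) {
        return "'" . $escape($value) . "'";   // strings: escape, then quote
    }
    if (is_bool($value)) {
        return $value ? '1' : '0';
    }
    if ($value === null) {
        return 'NULL';
    }
    if (is_int($value) || is_float($value)) {
        return (string) $value;                // numbers go in unquoted
    }
    throw new InvalidArgumentException('Unsupported bind type');
}

function compile_binds_demo($sql, $binds, callable $escape)
{
    $binds    = is_array($binds) ? array_values($binds) : array($binds);
    $segments = explode('?', $sql);
    if (count($segments) - 1 !== count($binds)) {
        throw new InvalidArgumentException('Placeholder/bind count mismatch');
    }
    // The SQL is split once up front, so a "?" inside a bound value is never
    // treated as another placeholder.
    $out = $segments[0];
    foreach ($binds as $i => $bind) {
        $out .= quote_value_demo($bind, $escape) . $segments[$i + 1];
    }
    return $out;
}

// addslashes is the last-resort branch of the escape_str() quoted above; it is
// used here only so the demo runs without a database connection.
$escape = 'addslashes';

// Constructed sample inputs.
$sql = "SELECT col1, col2 FROM tablename WHERE id = ? AND name = ?";
echo compile_binds_demo($sql, array(42, "O'Brien ?"), $escape), "\n";
echo compile_binds_demo("SELECT col1 FROM tablename WHERE id = ?", "1 OR 1=1", $escape), "\n";
```

A string bound to a numeric column ends up as a quoted literal rather than as SQL syntax, which is the property to look for when echoing a compiled query.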



