Nico Burns
Reputation: 17099
mysqli_real_escape_string AND prepared statements?
Should be a simple enough question:
If I am using mysqli prepared statements, do I still need to use mysqli_real_escape_string() as well?
Is this necessary, or a good idea?
Thanks, Nico
Upvotes: 9
Views: 612
Answers (1)
John Ledbetter
Reputation: 14183
No. If you use prepared statements, escaping is done for you.
Upvotes: 16
Related Questions
- Do I need to escape my variables if I use MySQLi prepared statements?
- Is mysql_real_escape_string() necessary when using prepared statements?
- real_escape_string vs. prepared statements
- mysqli_real_escape_string, should I use it?
- Am I using mysqli_real_escape_string correctly?
- Prepared statements and "real escape string"
- How to properly use mysqli_real_escape_string
- use mysqli_real_escape_string with prepared statement
- Prepared statements and Escaping
- PHP and MySQL - correct way to use mysqli_real_escape_string