kuzey beytar
Reputation: 3227
Binding params and escaping string in MySQLi (PHP)
I bind all variables to all kind of statements (UPDATE/INSERT/SELECT etc.) using the bind_param() function. But I am confused with bind params.
Do I also need to use real_escape_string even though I use bind_param? Are both of them completely different things?
Upvotes: 2
Views: 538
Answers (1)
webbiedave
Reputation: 48897
No you don't need to escape them. Binding params eliminates the need for escaping by removing the dangers of string concatenation.
With binding, you're essentially telling MySQL to use the contents of this variable as the value for this field.
Upvotes: 6
Related Questions
- PHP implode in bind_param
- bind_param concatenate with other characters
- php mysql bind param parameters
- how to bind a bind_param with non variables
- How to Bind Parameter In String mysqli PHP
- Real escape string vs bind param
- PHP mysqli bind_param type for text
- PHP Mysqli - Parameter binding AND escape_string?
- mysqli bind_param fails but why?
- bind_param difficulties