How do I escape data being inserted into a MySQL table without using an SQL escape string to protect against SQL injection?
I’m using the Yii framework, which uses PDO and does not support multiple queries. I need to run multiple insert queries and need to escape the values being inserted.
Yii::app()->quoteValue does not work because it places quotes "" around the input being inserted into MySQL. Is there a PHP function I can use to protect against SQL injections?
You can add slashes with
However, it’s recommended you try and use the proper MySQL methods instead, so I wouldn’t count on this being a perfect replacement.
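
An added example, not part of the original question or answer: several rows inserted in one statement with bound parameters through plain PDO (which the question says Yii uses), so no value is ever escaped by hand. The `comments` table, its columns, the `insertRows` helper, the sample rows and the in-memory SQLite DSN are assumptions made so the example runs offline.

```php
<?php
// Added example: multi-row INSERT with bound parameters through PDO.
// Table, columns and sample rows are constructed for illustration.

function insertRows(PDO $pdo, string $table, array $columns, array $rows): int
{
    if ($rows === []) {
        return 0;
    }
    // Identifiers cannot be bound as parameters, so accept only known names.
    $allowed = ['comments' => ['author', 'body']];
    if (!isset($allowed[$table]) || array_diff($columns, $allowed[$table]) !== []) {
        throw new InvalidArgumentException('unexpected table or column');
    }
    // One "(?, ?)" group per row; values travel separately from the SQL text.
    $group = '(' . implode(', ', array_fill(0, count($columns), '?')) . ')';
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES %s',
        $table,
        implode(', ', $columns),
        implode(', ', array_fill(0, count($rows), $group))
    );
    $params = [];
    foreach ($rows as $row) {
        if (count($row) !== count($columns)) {
            throw new InvalidArgumentException('row width mismatch');
        }
        foreach ($row as $value) {
            $params[] = $value;
        }
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// SQLite in memory so this runs offline. For MySQL, use a mysql: DSN with an
// explicit charset and set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (author TEXT, body TEXT)');

$rows = [
    ['alice', "it's fine"],
    ['bob', 'quote " backslash \\ and a second \' quote'],
];
echo insertRows($pdo, 'comments', ['author', 'body'], $rows), " rows inserted\n";
$stored = $pdo->query('SELECT body FROM comments ORDER BY rowid')->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === array_column($rows, 1)); // values are stored byte for byte
```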