Is there a list of SQL injection methods which can’t be protected against just by using mysql_real_escape_string(); with utf8 encoding?
For integer, I’m using intval();
Is it secure enough?
For those who think I want to get a “tutorial” to hack anyone: No, I won’t. I just want to know how to make my applications more secure, and I want to know if they’re secured 99% against hackers.
If given a valid database connection, mysql_real_escape_string() is supposed to be safe for string data under all circumstances (with the rare exception described in this answer). However, anything outside a string, it won’t escape:
is still vulnerable, because you don’t have to “break out” of a string to add an evil additional command.
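
The numeric-context case described above, as an added example that is not part of the original answer. Assumptions: an in-memory SQLite database through PDO stands in for MySQL so the script runs offline, `escape_like_mres()` is a hypothetical stand-in that escapes the same characters as mysql_real_escape_string(), and the `users` table and the input value are constructed.

```php
<?php
// Hypothetical stand-in for mysql_real_escape_string(): escapes NUL, \n, \r,
// backslash, single quote, double quote and Ctrl-Z, and nothing else.
function escape_like_mres(string $s): string {
    return strtr($s, [
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\\" => "\\\\",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Runs one query and returns the matching names.
function names(PDO $db, string $sql, array $params = []): array {
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed request parameter, standing in for $_GET['id'].
$input = "1 OR 1=1";

// 1. Escaped but placed outside quotes. The input contains none of the escaped
//    characters, so it is interpolated unchanged and the condition becomes
//    "id = 1 OR 1=1", which holds for every row.
$escaped = escape_like_mres($input);
$unquoted = names($db, "SELECT name FROM users WHERE id = $escaped");

// 2. intval(), as in the question: only the leading integer survives the cast,
//    so no SQL syntax can reach the query.
$id = intval($input);
$casted = names($db, "SELECT name FROM users WHERE id = $id");

// 3. Prepared statement: the whole input is sent as a single value and is
//    never parsed as SQL, whatever the column type.
$bound = names($db, "SELECT name FROM users WHERE id = ?", [$input]);

printf("escaped, unquoted : %s\n", implode(', ', $unquoted));
printf("intval()          : %s\n", implode(', ', $casted));
printf("bound parameter   : %s\n", implode(', ', $bound));
```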