I would have to say no, with a caveat. Event…

Question

0

Editorial Team

Asked: May 11, 20262026-05-11T10:32:48+00:00 2026-05-11T10:32:48+00:00

When I send );– from an input field to my localhost PHP server, it

0

When I send ');-- from an input field to my localhost PHP server, it AUTOMATICALLY converts it to

\’);–

It seems great, except that I don’t know how trustworthy this behavior is. Although it seems to avoid SQL injections, my development environment is not the same as the production environment and I’m afraid that the production environment may not have this sort of protection automatically activated…

Why does PHP does this(convert the input without having to use mysql_real_escape_string)? Does it always do it or only with certain extensions? Is it safe to rely on this behavior to prevent SQL injections?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

score 0 · Answer 1 · 2026-05-11T10:32:49+00:00

2026-05-11T10:32:49+00:00Added an answer on May 11, 2026 at 10:32 am

It seems that you have Magic Quotes enabled. But you better disable this option or revert them. mysql_real_escape_string is more secure.

0

Reply
Share
Share

- Report

How to approach applying for a job at a company ...

How to handle personal stress caused by utterly incompetent and ...

What is a programmer’s life like?

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions