would I need to use real escape in both my INSERT and SELECT FROM

Question

0

Editorial Team

Asked: May 18, 20262026-05-18T10:58:50+00:00 2026-05-18T10:58:50+00:00

would I need to use real escape in both my INSERT and SELECT FROM

0

would I need to use real escape in both my INSERT and SELECT FROM statements?

why the syntax I’m using in the following example isn’t working (It’s just one of the many ways I’ve tried)?

//insert user input for word 1
$sql = "INSERT INTO test (Word1, Word2, Word3, Word4, Word5)
VALUES('$Word1','$Word2','$Word3','$Word4','$Word5')",
mysql_real_escape_string($Word1),
mysql_real_escape_string($Word2),
mysql_real_escape_string($Word3),
mysql_real_escape_string($Word4),
mysql_real_escape_string($Word5);
if(!mysql_query($sql,$con))
{
  die('Error: ' . mysql_error());
}

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-18T10:58:50+00:00

I highly recommend that you avoid escaping altogether, and move directly to prepared statements with mysqli::prepare, perhaps via PDO. It’s ultimately simpler and safer:

$dsn = 'mysql:dbname=test;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

$dbh = new PDO($dsn, $user, $password);

$sql =
    'INSERT INTO mytable ' .
    '(Word1, Word2, Word3, Word4, Word5)' .
    'VALUES(?, ?, ?, ?, ?)';

$stmt = $dbh->prepare($sql);

$words = array('word1', 'word2', 'word3', 'word4', 'word5');
$stmt->execute($words);

$words = array('word6', 'word7', 'word8', 'word9', 'word10');
$stmt->execute($words);

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

would I need to use real escape in both my INSERT and SELECT FROM

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply