Im using mysqli_real_escape_string() for all database connections in my website. is this enough to prevent SQL injection ? is there any other precautions ?
Asked
Active
Viewed 476 times
0
lasan
- 201
- 1
- 13
-
1Please read this https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet – Amit Ray Jun 03 '16 at 11:49
-
@AmitRay thank you very much , really useful information – lasan Jun 03 '16 at 12:01
1 Answers
4
mysqli_real_escape_string does absolutely nothing to combat XSS attacks. It combats SQL injection.
ceejayoz
- 171,474
- 40
- 284
- 355