[php+mysql] The MySQLi extension [Rid of Injections 100%]

Joined
Jun 8, 2008
Messages
1,082
Reaction score
142
I honestly suggest MySQL should look into this. It looks wayyyy better. SQL injections are one of the main worries when you are coding a website, or doing anything with MySQL. Thanks man!
 

LMC

Experienced Elementalist
Joined
Apr 13, 2009
Messages
247
Reaction score
95
I honestly suggest MySQL should look into this. It looks wayyyy better. SQL injections are one of the main worries when you are coding a website, or doing anything with MySQL. Thanks man!

This is MySQL, or am I misunderstanding your reply?
 
Joined
Jun 8, 2007
Messages
1,985
Reaction score
490
Does mysqli auto escape characters? As for some reason ",' gets escaped when using mysqli, I don't know if I've not put mysql_real_escape_string anywhere without knowing, but just wondering.

MySQLi isn't escaping characters, it's preventing injections by putting data in the MySQL database separate from the query itself. You must have something else in the PHP code that's escaping those characters.

Instead of having all of the data within the query, it's sending a query first, then the data that goes with it in two separate requests. So there's no chance of an injection (as far as the database is concerned).

It doesn't, however, protect from XSS injections (so if the data is put from the database onto a web-page, there can be unexpected results due to injections in the HTML/JavaScript etc.).
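
An added example, not code from any poster in this thread, illustrating the reply above: a bound parameter is stored byte-for-byte, escaping it beforehand stores the backslashes as data, and HTML encoding is still needed at output time. The connection details (`localhost`, `app_user`, `app_password`, `app_db`) and the `comments` table are assumptions; the script needs a reachable MySQL server.

```php
<?php
// Added example. Credentials and table name are hypothetical placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

// Temporary table: dropped automatically when the connection closes.
$db->query('CREATE TEMPORARY TABLE comments (
    id INT AUTO_INCREMENT PRIMARY KEY, body TEXT)');

// Constructed input with both quote characters and HTML markup.
$input = 'She said "it\'s <b>fine</b>"';

$insert = $db->prepare('INSERT INTO comments (body) VALUES (?)');
$insert->bind_param('s', $body); // bound by reference, read at execute()

// Case 1: bound as-is. The value is sent separately from the SQL text,
// so the quotes never get a chance to be parsed as SQL.
$body = $input;
$insert->execute();

// Case 2: some other code escapes first (addslashes here), then binds.
// The backslashes are now ordinary data and are stored with it.
$body = addslashes($input);
$insert->execute();

// Read both rows back in insertion order.
$select = $db->prepare('SELECT body FROM comments ORDER BY id');
$select->execute();
$select->bind_result($stored);
$rows = [];
while ($select->fetch()) {
    $rows[] = $stored;
}

// Row 1 matches the raw input; row 2 matches the pre-escaped copy.
var_dump($rows[0] === $input);
var_dump($rows[1] === addslashes($input));

// The database layer did nothing about HTML: encode when writing to a page.
echo htmlspecialchars($rows[0], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```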
 