The title says: should I use mysqli real_escape_string when using prepared statements?
Is it necessary, better for the security, overkill, doesn't make any sense, or...?
Asked
Active
Viewed 385 times
-3
-
2[The Great Escapism (Or: What You Need To Know To Work With Text Within Text)](http://kunststube.net/escapism/) – deceze Jul 22 '13 at 15:45
-
http://stackoverflow.com/questions/6232084/is-mysql-real-escape-string-necessary-when-using-prepared-statements – htulipe Jul 22 '13 at 15:46
1 Answers
1
Assuming you mean "For data that will be inserted using placeholders": No. You'll end up double escaping the data (so you'll insert the escape sequences from mysqli_real_escape_string as data).
Quentin
- 914,110
- 126
- 1,211
- 1,335
-
Strictly speaking, for the everything else mysqli_real_escape_string would be as useless as trim(). – Your Common Sense Jul 22 '13 at 15:50