Alternative to mysql_real_escape_string without connecting to DB

by

It is impossible to safely escape a string without a DB connection. mysql_real_escape_string() and prepared statements need a connection to the database so that they can escape the string using the appropriate character set – otherwise SQL injection attacks are still possible using multi-byte characters.

If you are only testing, then you may as well use mysql_escape_string(), it’s not 100% guaranteed against SQL injection attacks, but it’s impossible to build anything safer without a DB connection.

More Related Contents:

  1. Shortcomings of mysql_real_escape_string?
  2. Do I have to use mysql_real_escape_string if I bind parameters?
  3. Trying to Show 87 mysql rows in 3 html tables using PHP and mysql [closed]
  4. While loop inserts three times
  5. Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in? [duplicate]
  6. regarding installation of php in windows
  7. Problame with files on SQL
  8. save user images in MYSQL database by which method? [closed]
  9. How to apply bindValue method in LIMIT clause?
  10. Row count with PDO
  11. Best way to INSERT many values in mysqli?
  12. How to view query error in PDO PHP
  13. php/mysql with multiple queries
  14. How to populate second dropdown based on selection of first dropdown using jQuery/AJAX and PHP/MySQL?
  15. Resetting array pointer in PDO results
  16. Notice: Array to string conversion in
  17. How to search for slash (\) in MySQL? and why escaping (\) not required for where (=) but for Like is required?
  18. Export MySQL database using PHP [closed]
  19. How to add new column to MYSQL table?
  20. Do SQL connections opened with PDO in PHP have to be closed
  21. mysql select query within a serialized array
  22. mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in php [duplicate]
  23. Category Hierarchy (PHP/MySQL)
  24. Alternative for mysql_num_rows using PDO
  25. belongsToMany relationship in Laravel across multiple databases
  26. Algorithm for generating a random number
  27. return one value from database with mysql php pdo
  28. How can I pass an array of PDO parameters yet still specify their types?
  29. Difference between mysql_fetch_array and mysql_fetch_row?
  30. Aggregated query without GROUP BY

Leave a Comment