Is “mysqli_real_escape_string” enough to avoid SQL injection or other SQL attacks?
Could someone tell me if it is secure or if it is vulnerable to the SQL Injection attack or other SQL attacks?

No. As uri2x says, see SQL injection that gets around mysql_real_escape_string(). The best way to prevent SQL injection is to use prepared statements. They separate the data (your parameters) from the instructions …