DEV Community

Discussion on: SQL Injection!!!

David Möller

Prepared statements have pretty much solved this problem.

amirhossein

Preparing and then binding parameters? Yes, and you can also use the addslashes method in PHP; it puts a backslash before characters, and this protects you from SQL injection ...

Vlastimil Pospichal • Edited

addslashes doesn't prevent SQL injection.

php.net/manual/en/function.addslas...
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
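An added illustration of this comment's point, not code from the thread: the constructed `addslashes` helper mimics PHP's function, and the lookups run against an in-memory SQLite table (sample rows are constructed). SQLite does not treat backslash as an escape character, so the "escaped" concatenation still lets the input change the query, while the parameterised query treats the same input purely as data.

```python
import sqlite3


def addslashes(s: str) -> str:
    """Mimic PHP's addslashes(): backslash before ' " \\ and NUL (constructed helper)."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def lookup_escaped(conn: sqlite3.Connection, name: str) -> list:
    """Weak pattern: escape with addslashes, then concatenate into the SQL string.
    addslashes is not database-specific; SQLite escapes quotes by doubling them,
    so a leading backslash does nothing here and the quote still closes the literal."""
    sql = "SELECT id FROM users WHERE name = '" + addslashes(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn: sqlite3.Connection, name: str) -> list:
    """Safe pattern: prepared/parameterised query; the value never becomes SQL text."""
    sql = "SELECT id FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR 1=1 --"
    print(lookup_escaped(db, hostile))   # returns [1, 2]: every row leaks
    print(lookup_prepared(db, hostile))  # returns []: no user has that literal name
```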