I have read in a few different places that doing mysql_real_escape_string is not all that safe. I am wondering what other practices I can follow to make my code secure from MySQL or other attacks.
My security function:
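Code:
public function clean(&$value){
    // Undo magic_quotes_gpc escaping first so the value is not escaped twice
    if (ini_get('magic_quotes_gpc')) $value = stripslashes($value);
    // Escape the value for use inside a quoted MySQL string literal
    $value = mysql_real_escape_string($value);
}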

