Asked by Ridgejp

MySqli Real Escape String and SQL Injection

Hi,

When you escape posted data as in the example below:

$email = $mysqli->real_escape_string($_POST["email"]);
$password = $mysqli->real_escape_string($_POST["password"]);

Does this prevent SQL injection and/or a brute force attack on a login page, or would you also need a prepared SQL statement and a function that counts the number of attempted logins in addition to this?

J
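
The two controls the question asks about, as an added PHP example that is not part of the original thread: a prepared statement in place of escaping, plus a failed-login counter, since neither escaping nor binding input limits password guessing. The table and column names, the thresholds and the connection credentials are assumptions.

```php
<?php
// Added example, not from the original thread. Assumed (hypothetical) schema:
//   users(email VARCHAR UNIQUE, password_hash VARCHAR)    -- hashes made with password_hash()
//   login_attempts(email VARCHAR, attempted_at DATETIME)  -- one row per failed login
const MAX_FAILURES   = 5;   // assumed threshold
const WINDOW_MINUTES = 15;  // assumed counting window

function recentFailures(mysqli $db, string $email): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM login_attempts
         WHERE email = ? AND attempted_at > NOW() - INTERVAL ? MINUTE'
    );
    $minutes = WINDOW_MINUTES;           // bind_param() binds by reference, so use a variable
    $stmt->bind_param('si', $email, $minutes);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int) $count;
}

function attemptLogin(mysqli $db, string $email, string $password): bool
{
    // Throttle first: refuse further guesses once the window is full.
    if (recentFailures($db, $email) >= MAX_FAILURES) {
        return false;
    }
    // The placeholder keeps the posted value out of the SQL text, so no escaping is needed.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();             // true when a row was fetched, null when none
    $stmt->close();
    if ($found === true && password_verify($password, $hash)) {
        return true;
    }
    // Record the failure whether or not the account exists.
    $stmt = $db->prepare('INSERT INTO login_attempts (email, attempted_at) VALUES (?, NOW())');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->close();
    return false;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);                // throw on SQL errors
$mysqli = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholder credentials
$ok = attemptLogin($mysqli, (string) ($_POST['email'] ?? ''), (string) ($_POST['password'] ?? ''));
```

Counting failures per email address alone lets anyone lock a known account out for the length of the window, so a deployment would normally also count by client address or add a delay instead of a hard refusal.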
ASKER CERTIFIED SOLUTION
Ray Paseur