Ridgejp
asked on
MySqli Real Escape String and SQL Injection
Hi,
When you escape posted data as in the example below: -
Does this prevent SQL injection and/or a brute force attack on a login page or would you also need a prepared sql statement and a function that counts the number of attempted logins in addition to this?
J
When you escape posted data as in the example below: -
$email = $mysqli->real_escape_string($_POST["email"]);
$password = $mysqli->real_escape_string($_POST["password"]);
Does this prevent SQL injection and/or a brute force attack on a login page or would you also need a prepared sql statement and a function that counts the number of attempted logins in addition to this?
J
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.