Hello, Got a form that takes in data to enter in to a database. I want to make it as secure and as invulnerable to sql injection and other attacks as possible. I'm wondering if mysqli_real_escape_string or stripslashes should be used or if the former does the latter. For example, I have a name variable: $name = mysqli_real_escape_string($DatabaseLink, trim($_POST['name'])); or should I do: $name = stripslashes(mysqli_real_escape_string($dbc, trim($_POST['name']))); Thanks. Dave. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
