I'm trying to secure my script a bit after some suggestions in the last question I asked.
Do I need to secure things like $row['page_name']
with the mysql_real_escape_string
function? example:
$pagename = mysql_real_escape_string($row['page_name']);
I'm asking mainly because when I do secure every row I get some errors like when trying number_format()
it throws number_format() expects parameter 1 to be double, string given
while when it is not secured with mysql_real_escape_string
it works.
Can someone clear this for me? Do I only need to secure COOKIE
's or the row fetches too?
I got the suggestion in this post: HERE (look at the selected answer)