Recently I am developing little question generation program on PHP. It uses some LaTeX formatted math formulas.
- I had a problem with inserting LaTeX formulas, because no backslash was inserted to MySQL database.
-
I've described this issue here :
Backslashes are auto-removed while inserting LaTeX formulas to MySQL with PHP
I found a solution by using mysql_real_escape_string(). But this arises another question.
- If backslashes now could be inserted, is my program vulnerable for sql injections or any other tricky input that users could make?