This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
I see a lot of post about inserting into MySQL database. The vast amount of them seem to forget that its user input we are dealing with. What would be the best was to insert data in to the table. Would mysqli_real_escape_string
be okay? Or would using prepared statements be a better option, maybe both?
</div>