Discussion in 'Programming' started by Glenn, Jun 7, 2013.
I know they can become a problem so I need to learn how to deal with them.
I'm using php and MySQL
How do I know when to use them?
It does not matter if there are no characters that need escaping, but it DOES if you miss one.
First rule of data handling: Any and ALL user input should sanitised, cleaned and verified BEFORE using it in a query.
What I mean is do I do this before it is saved in the database or after it is read out of the database.
What would be the point of checking data coming OUT of the database when it is INSERTING data with 'illegal' characters that causes problems?
That's what I'm asking. I do not know.
Separate names with a comma.