CodingForums.com - View Single Post - Mysql_real_escape_string and PDO statements

angelali · 11-30-2012, 05:31 PM

I hear many times some people keep saying to use PDO statement to prevent SQL injections. I still use mysql_real_escape_string against sql injection and htmlentities or strip tags for XSS to protect forms etc.

So, why PDO statements? MySQL_real_escape_string is not good anymore? Does PDO statement provides better security than mysql_real_escape_string? I work with Procedural only just to enable people fill some short details to store in database, then retrieve them and display on pages.

11-30-2012, 05:31 PM	PM User \| #1
angelali Regular Coder Join Date: Sep 2011 Posts: 310 Thanks: 23 Thanked 0 Times in 0 Posts	Mysql_real_escape_string and PDO statements I hear many times some people keep saying to use PDO statement to prevent SQL injections. I still use mysql_real_escape_string against sql injection and htmlentities or strip tags for XSS to protect forms etc. So, why PDO statements? MySQL_real_escape_string is not good anymore? Does PDO statement provides better security than mysql_real_escape_string? I work with Procedural only just to enable people fill some short details to store in database, then retrieve them and display on pages.