Search the Community
Showing results for tags 'real_escape_string()'.
BACKGROUND: It appears that there are few problems in web development that do not have multiple solutions. My problem is to decide which solution best suits my needs. I have a confirmation email that sends a name, hash, and email address via an HTTP REQUEST using the $_GET superglobal to a PHP file that matches the hash with an entry in a newsletter roster table. If the match succeeds the value of the status variable is changed from 0 to 1. Before the hash is sent to the roster table it is sanitized using the MySQLi real_escape_string( ) function. Elsewhere on my website I use the PHP filter_var( ) function with parameter values that vary with the nature of the data being sent. QUESTION ONE: In the above instance which PHP function would be more secure. And, why? QUESTION TWO: In general which function is preferred? And, why? Roddy