This question is aimed at people who have experience in using PHP to access a database (specifically MySQL).
What, in your opinion or experience, is the best method to prevent data injections, via alteration of SQL statements, to your database?
Typically I use mysql_real_escape_string(), but I'm not so sure if that is enough to safeguard string data types being entered by the user.
Having been working more with Regular Expressions lately, I wonder if creating my own RegEx function that removes threatening characters might prove to be a more suitable security application than the built in functions.
Anyone have some insight into this?
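As an added example (not code from the original question), here is the same user lookup done three ways so the difference between escaping and parameterising can be seen directly. It uses PDO against an in-memory SQLite database so it runs offline with no server; the table, the rows and the attacker string are constructed for the illustration. The `mysql_*` functions the question mentions were removed in PHP 7, so the comments refer to the `mysqli_*` and PDO equivalents instead. The behaviour of the vulnerable and the prepared version is the same on MySQL; only the DSN in `new PDO(...)` changes.

```php
<?php
declare(strict_types=1);

// Constructed fixture: an in-memory SQLite database standing in for MySQL.
// On MySQL the DSN would be 'mysql:host=...;dbname=...;charset=utf8mb4'.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, is_admin INTEGER NOT NULL)');
$db->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 0), ('root', 1)");

// Constructed attacker input: closes the quoted literal and appends its own condition.
$attackerInput = "nobody' OR '1'='1";

// 1. String concatenation: the user's bytes become part of the SQL grammar,
//    so the quote in the input ends the literal and the rest is parsed as SQL.
function lookupConcatenated(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. Prepared statement with a bound parameter: the statement text is fixed
//    before the value is supplied, so the value is only ever data and cannot
//    alter the query's structure, whatever characters it contains. This is the
//    approach to prefer over any escaping or regex filtering.
function lookupPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Escaping, i.e. the mysql_real_escape_string() approach. PDO::quote()
//    escapes the value for the driver and wraps it in quotes. The mysqli
//    equivalent is mysqli_real_escape_string(), which needs a live connection
//    whose character set was set with mysqli_set_charset(); if the connection
//    charset and the escaping charset disagree, multibyte sequences can defeat
//    the escaping. Escaping also only helps for quoted string literals: an
//    integer, column name, ORDER BY direction or LIMIT spliced in unquoted gets
//    no protection from it, whereas a bound parameter covers every value.
function lookupEscaped(PDO $db, string $name): array
{
    $sql = 'SELECT name FROM users WHERE name = ' . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(lookupConcatenated($db, $attackerInput));
var_dump(lookupPrepared($db, $attackerInput));
var_dump(lookupEscaped($db, $attackerInput));
```

With the attacker string, the concatenated version returns every row in the table (the injected `OR '1'='1'` is true for all of them), while the prepared and the escaped versions both search for a user literally named `nobody' OR '1'='1` and return nothing. The difference between the last two is not visible in this one query but matters in general: the prepared statement is safe by construction for any value position, while the escaped version is only as safe as the quoting and charset handling around each individual splice, which is exactly the kind of thing a home-grown regex filter gets wrong.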