I have a simple site for ads ...
Ads are inserted into MySQL tables, and the only thing I use to disinfect user input is mysql_real_escape_string.
Is that enough?
PDO is the best way to defer, but in fact, what is the difference between using only mysql_real_escape_string and PDO in, say, this request:
SELECT * FROM table_name WHERE table_name.classified = '$classified';
OR
INSERT INTO table_name (input1, input2) VALUES ('$input1', $input2);
Thanks
user188962
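For comparison, here are the two queries from the question written as PDO prepared statements. This is an added example, not part of the original post. It assumes an in-memory SQLite database in place of MySQL so that it runs offline, a `classified` column added to the INSERT, and the hypothetical helper names `insertAd` and `findByClassified`.

```php
<?php
// Added example, not the poster's code. Assumption: SQLite in memory stands in
// for MySQL; with MySQL only the DSN changes (mysql:host=...;dbname=...).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares so that values travel
// separately from the SQL text:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE table_name (input1 TEXT, input2 INTEGER, classified TEXT)');

// Hypothetical helper: the INSERT from the question with bound parameters.
function insertAd(PDO $pdo, string $input1, $input2, string $classified): void
{
    // In the question $input2 is interpolated without quotes, a position where
    // string escaping gives no protection. Validate the type, then bind it.
    $number = filter_var($input2, FILTER_VALIDATE_INT);
    if ($number === false) {
        throw new InvalidArgumentException('input2 must be an integer');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO table_name (input1, input2, classified)
         VALUES (:input1, :input2, :classified)'
    );
    $stmt->bindValue(':input1', $input1, PDO::PARAM_STR);
    $stmt->bindValue(':input2', $number, PDO::PARAM_INT);
    $stmt->bindValue(':classified', $classified, PDO::PARAM_STR);
    $stmt->execute();
}

// Hypothetical helper: the SELECT from the question with a bound parameter.
function findByClassified(PDO $pdo, string $classified): array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM table_name WHERE table_name.classified = :classified'
    );
    $stmt->execute([':classified' => $classified]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input: quotes in the values are stored and matched as data.
insertAd($pdo, "Bob's bike", '120', 'bikes');
insertAd($pdo, 'Old sofa', 40, "it's free");
var_dump(count(findByClassified($pdo, 'bikes')));     // int(1)
var_dump(count(findByClassified($pdo, "it's free"))); // int(1)

try {
    insertAd($pdo, 'Lamp', '40 each', 'misc');        // not an integer
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```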