What is the best way to escape a string before inserting it into the database: addslashes() or mysql_real_escape_string()?

3

I am developing a project that involves passwords, among other important information, that I need to insert into the MySQL database.

My question is which option I should use to escape this data against SQL injection. Right now I'm using a regular expression that removes the unwanted characters. I'm using PDO.

    
asked by anonymous 11.11.2015 / 14:16

1 answer

2

mysql_real_escape_string() should be discarded because it is deprecated, removed from PHP 7 and needs a MySQL connection.

Let PDO take care of escaping the characters using prepared statements.

Recommended reading:

Is addslashes secure against SQL injection?

How to prevent SQL injection in my PHP code

Is using PDO the safest way to connect to a DB with PHP?

    
11.11.2015 / 14:23
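
A sketch of what the answer describes, added here as an example and not part of the original answer: values are sent as bound parameters of a PDO prepared statement, so neither an escaping function nor a character-stripping regular expression is needed. It goes one step beyond the answer by allow-listing a column name, because placeholders cannot bind identifiers. The `users` table, its columns, `orderByColumn()` and the sample input are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. With MySQL only the DSN changes, for instance
// 'mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4' (placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// pdo_mysql emulates prepares by default; turn that off so the server
// receives the statement and the values separately.
if ($pdo->getAttribute(PDO::ATTR_DRIVER_NAME) === 'mysql') {
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

// Constructed sample input containing a quote and SQL comment syntax.
$name = "O'Brien' -- ";
$note = 'constructed sample value';

// Values are bound to named placeholders, never concatenated into the SQL text.
$insert = $pdo->prepare('INSERT INTO users (name, note) VALUES (:name, :note)');
$insert->execute([':name' => $name, ':note' => $note]);

// Placeholders cover values only. A column name chosen by the caller has to
// come from a fixed allow-list instead (hypothetical helper).
function orderByColumn(string $requested): string
{
    $allowed = ['id', 'name'];
    return in_array($requested, $allowed, true) ? $requested : 'id';
}

$column = orderByColumn('name; DROP TABLE users');   // falls back to 'id'
$select = $pdo->prepare("SELECT name FROM users WHERE name = :name ORDER BY $column");
$select->execute([':name' => $name]);
$stored = $select->fetchColumn();

// The input comes back byte for byte and the table is intact.
echo 'round trip identical: ', var_export($stored === $name, true), PHP_EOL;
echo 'order column used: ', $column, PHP_EOL;
echo 'rows in users: ', $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```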