- Data Structure
- Networking
- RDBMS
- Operating System
- Java
- MS Excel
- iOS
- HTML
- CSS
- Android
- Python
- C Programming
- C++
- C#
- MongoDB
- MySQL
- Javascript
- PHP
- Physics
- Chemistry
- Biology
- Mathematics
- English
- Economics
- Psychology
- Social Studies
- Fashion Studies
- Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Shortcomings of mysql_real_escape_string?
The shortcoming of mysql_real_escape_string is as follows −
It has main shortcoming in the modern API while we are making prepared statement. This has another shortcoming for every possible attack when you will typecast.
Let us see the typecast syntax in MySQL −
(TypeCast)mysql_real_escape_string($_REQUEST['anyColumnName']));
In the above syntax, we are typecasting, but in this case, it is not safer for every possible attack. The other cases include the following −
- It is not type safe.
- It is not for injection attack.
Advertisements