Shortcomings of mysql_real_escape_string?


The shortcomings of mysql_real_escape_string are as follows −

Its main shortcoming shows up in the modern API, where we use prepared statements instead. Another shortcoming is that it does not protect against every possible attack, even when you typecast the value.

Let us see the typecast syntax −

(TypeCast) mysql_real_escape_string($_REQUEST['anyColumnName']);

In the above syntax we typecast the escaped value, but even in this case it is not safe against every possible attack. The other shortcomings include the following −

  • It is not type safe.
  • It is not a complete defence against injection attacks.
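Added example, not code from the original page: it shows why escaping is not type safe when the value lands in an unquoted numeric context, next to a validated, prepared-statement version. `escape_like_mysql()` is a hypothetical stand-in for mysql_real_escape_string, and the in-memory SQLite database reached through PDO (with its `accounts` table and rows) is an assumption so the script runs without a MySQL server.

```php
<?php
// Hypothetical stand-in: escapes the characters mysql_real_escape_string
// escapes, so the demo needs no MySQL server.
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Before: escaped value interpolated into an unquoted numeric context.
function owners_escaped(PDO $db, string $raw): array
{
    $id = escape_like_mysql($raw);
    return $db->query("SELECT owner FROM accounts WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// After: validate the type, then bind the value in a prepared statement.
function owners_prepared(PDO $db, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];                       // not an integer: reject
    }
    $stmt = $db->prepare('SELECT owner FROM accounts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)');
$db->exec("INSERT INTO accounts (id, owner) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed inputs: a plain id, and a value with nothing for the escaper to escape.
foreach (['2', '1 OR 1=1'] as $raw) {
    printf("%-10s escaped: %d row(s)  prepared: %d row(s)\n",
        $raw, count(owners_escaped($db, $raw)), count(owners_prepared($db, $raw)));
}
```

The second input contains no quote or backslash, so the escaper returns it unchanged and the escaped path matches every row, while the prepared path rejects it before any SQL runs.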

Updated on: 30-Jul-2019
