Should I use mysqli_real_escape_string or should I use prepared statements?

php mysqli prepared-statement mysql-real-escape-string
Ali picture Ali · Apr 3, 2013 · Viewed 8.9k times · Source

Should I use mysqli_real_escape_string or should I use prepared statements?

I've seen a tutorial now explaining prepared statements but I've seen them do the same thing as mysqli_real_escape_string but it uses more lines

Are there any benefits for prepared statements? What do you think is the best method to use?

Answer

Yogesh Suthar picture Yogesh Suthar · Apr 3, 2013

Use prepared statements because after using this you doesn't have to use mysqli_real_escape_string. prepared statements doing this as by default.

Related questions

MySQLi prepared statements error reporting

I'm trying to get my head around MySQli and I'm confused by the error reporting. I am using the return value of the MySQLi 'prepare' statement to detect errors when executing SQL, like this: $stmt_test = $mysqliDatabaseConnection->stmt_init(); …

Read More
Call to a member function bind_param() on a non-object

I am trying to bind a variable in this prepared statement, but i keep receiving the error: Call to a member function bind_param() on a non-object The function is called, and variables are passed to it. When i change …

Read More
Example of how to use bind_result vs get_result

I would like to see an example of how to call using bind_result vs. get_result and what would be the purpose of using one over the other. Also the pro and cons of using each. What is the …

Read More