Do I have to use mysql_real_escape_string if I bind parameters?
Posted by Babak on Stack Overflow
Published on 2010-02-17T20:54:25Z
Indexed on 2010/03/25 1:43 UTC
I have the following code:
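function dbPublish($status)
{
    global $dbcon, $dbtable;

    if (isset($_GET['itemId']))
    {
        // Both values are supplied through ? placeholders, not concatenated.
        $sqlQuery = 'UPDATE ' . $dbtable . ' SET active = ? WHERE id = ?';
        $stmt = $dbcon->prepare($sqlQuery);
        // 'ii' binds $status and the itemId request parameter as integers.
        $stmt->bind_param('ii', $status, $_GET['itemId']);
        $stmt->execute();
        $stmt->close();
    }
}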
Do I need to use mysql_real_escape_string in this case, or am I okay?
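A hardened variant of the function in the question, added here as an example and not part of the original post or of any answer to it. The names dbPublishChecked() and ALLOWED_TABLES and the sample table names are hypothetical; it assumes an open mysqli connection and a caller that passes `$_GET['itemId'] ?? null` as the last argument.

```php
<?php
// Added example, not the asker's code. ALLOWED_TABLES and dbPublishChecked()
// are hypothetical names; the table names are constructed samples.
const ALLOWED_TABLES = ['articles', 'comments'];

/**
 * Set the `active` flag on one row. Returns the affected-row count,
 * or null when the input is rejected before any SQL is sent.
 */
function dbPublishChecked(mysqli $db, string $table, int $status, $rawItemId): ?int
{
    // Identifiers cannot be bound as parameters, so the table name is
    // checked against a fixed list instead of being escaped.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        return null;
    }

    // Reject anything that is not a positive integer instead of letting
    // the 'i' binding cast a string such as "5 OR 1=1" down to 5.
    $itemId = filter_var($rawItemId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($itemId === false) {
        return null;
    }

    $stmt = $db->prepare('UPDATE `' . $table . '` SET active = ? WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }

    // Bound values are sent separately from the SQL text, so they are
    // never parsed as SQL and get no mysql_real_escape_string() call.
    $stmt->bind_param('ii', $status, $itemId);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();

    return $affected;
}
```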