Do I have to use mysql_real_escape_string if I bind parameters?

Posted by Babak on Stack Overflow See other posts from Stack Overflow or by Babak
Published on 2010-02-17T20:54:25Z Indexed on 2010/03/25 1:43 UTC
Read the original article Hit count: 411

I have the following code:

function dbPublish($status)
{
 global $dbcon, $dbtable;

 if(isset($_GET['itemId']))
 {
  $sqlQuery = 'UPDATE ' . $dbtable . ' SET active = ? WHERE id = ?';
  $stmt = $dbcon->prepare($sqlQuery);
  $stmt->bind_param('ii', $status, $_GET['itemId']);
  $stmt->execute();
  $stmt->close();
 }
}

Do I need to mysql_real_escape_string in this case or am i okay?

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql-real-escape-string