All data should be escaped before it goes into a query, to prevent SQL-injection attacks. The current “best practice” is to use mysql_real_escape_string(), which connects to the DB, checks how strings should be escaped for that connection, and then returns the safe string.
Unfortunately, this requires a round trip to the DB, and it takes time and resources. Here’s […]
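The following is an added example, not code from the post. It shows the escaping approach the post describes, using mysqli's `real_escape_string()` (the modern counterpart of the `mysql_real_escape_string()` the post names, which needs an open connection for the same reason), beside the parameterised form that sends the value separately from the SQL text. The connection credentials, the `users` table and the `$_GET` inputs are assumed for illustration.

```php
<?php
// Added example (not the post's code). Assumes a mysqli connection to a
// database containing a table users(id INT, name VARCHAR); the credentials
// below are placeholders.
$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'app');
if ($db->connect_error) {
    die('connect failed: ' . $db->connect_error);
}

$name = $_GET['name'] ?? '';
$id   = $_GET['id'] ?? '0';

// 1. Escaping. real_escape_string() needs the live connection because the
//    escaping rules depend on the connection's character set. The escaped
//    value MUST still be wrapped in quotes in the SQL text: escaping only
//    neutralises quote characters, so an unquoted value is still injectable.
$safeName = $db->real_escape_string($name);
$sqlName  = "SELECT id, name FROM users WHERE name = '$safeName'";
$byName   = $db->query($sqlName)->fetch_all(MYSQLI_ASSOC);

//    For a numeric column, escaping is the wrong tool; cast to the expected
//    type instead so that only digits can reach the query.
$sqlId = 'SELECT id, name FROM users WHERE id = ' . (int) $id;
$byId  = $db->query($sqlId)->fetch_all(MYSQLI_ASSOC);

// 2. Prepared statement. The value is bound as data and never becomes part of
//    the SQL text, so no escaping step (and no quoting mistake) is possible.
$stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$bound = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$stmt->close();
```

The escaping path (1) is what the post's "round trip" concern applies to: it only works with an open connection and only protects quoted string values, which is why the numeric case is handled with a cast rather than escaping. The bound-parameter path (2) removes the escaping step entirely.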
Continue reading about Quick Tip: Save time on escaping from mysql_real_escape_string()