
Support Forum



mysql_real_escape_string vs. mysql_escape_string

Submitted by damir on Thu, 2008-07-31 18:14

Hi David,

I came across php SQL Injection discussion that suggested use mysql_real_escape_string over mysql_escape_string.

In PT you are currently using mysql_escape_string.

Is there any reason not to change it?

Submitted by support on Fri, 2008-08-01 05:58

Hi,

If mysql_real_escape_string() works fine on your server you can certainly use it instead, but I have experienced problems with it in the past; presumably something to do with character set support by the underlying libraries.

Whilst I understand that the "real" version respects the character set, I've not been able to find any discussion of what (if any) greater security this provides. My guess is that it may be possible when using the original version for a character within a string containing extended characters to become corrupted by part of its byte sequence being replaced by the escape character - however the actual level of security provided must be the same.

Cheers,
David.
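Editor's note: the difference David is guessing at above can be reproduced without a database. The block below is an added illustration, not code from this thread and not PHP's or libmysql's implementation. It models a charset-unaware escaper (walks the input byte by byte, as the old mysql_escape_string() did) beside a charset-aware one (decodes under the connection character set first), and runs both over two constructed GBK inputs: a legitimate two-byte character whose trail byte happens to be 0x5C, which the byte-wise escaper corrupts exactly as described above, and, going one step beyond the thread, a lone lead byte followed by a quote, where the byte-wise escaper's output decodes under GBK to an unescaped quote. The charset-aware model simply rejects malformed input; that strictness is an assumption made here for clarity, not a statement about how any particular library behaves.

```python
"""Byte-wise vs. charset-aware escaping of data bound for a MySQL string literal.

Added illustration, not code from the forum thread and not PHP's or libmysql's
own implementation. naive_escape() models a charset-unaware escaper that walks
the input byte by byte; charset_escape() models a charset-aware one that first
decodes the bytes under the connection character set. The GBK inputs below are
constructed for the demonstration.
"""

# Bytes MySQL treats specially inside a quoted literal, and their escapes.
SPECIAL = {
    0x00: b"\\0",
    0x0A: b"\\n",
    0x0D: b"\\r",
    0x1A: b"\\Z",
    0x22: b'\\"',
    0x27: b"\\'",
    0x5C: b"\\\\",
}


def naive_escape(data: bytes) -> bytes:
    """Escape byte by byte, with no idea where multibyte characters begin or end."""
    out = bytearray()
    for b in data:
        out += SPECIAL.get(b, bytes([b]))
    return bytes(out)


def charset_escape(data: bytes, charset: str) -> bytes:
    """Decode under the connection charset, escape only whole single-byte
    characters, and re-encode. Malformed input is rejected (an assumption made
    here for clarity; a real library may handle it differently)."""
    try:
        text = data.decode(charset)
    except UnicodeDecodeError as exc:
        raise ValueError(f"input is not valid {charset}: {exc}") from None
    out = bytearray()
    for ch in text:
        encoded = ch.encode(charset)
        if len(encoded) == 1:
            out += SPECIAL.get(encoded[0], encoded)
        else:
            out += encoded  # a multibyte character is copied untouched
    return bytes(out)


def has_unescaped_quote(escaped: bytes, charset: str) -> bool:
    """Decode the escaped bytes as the server would under `charset` and report
    whether a single quote survives that is not protected by a backslash."""
    text = escaped.decode(charset)
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the backslash and the character it protects
        elif text[i] == "'":
            return True
        else:
            i += 1
    return False


# Constructed inputs. Connection charset is GBK, where 0x40-0x7E (ASCII,
# including 0x5C '\') are legal trail bytes of two-byte characters.
LEGIT = b"\x81\x5c"                 # one valid GBK character, trail byte 0x5C
HOSTILE = b"\xbf\x27 OR 1=1 -- "    # lone lead byte 0xBF followed by a quote


def demo() -> dict:
    """Run both escapers over the constructed inputs and report what happened."""
    results = {}
    # 1. Corruption: the byte-wise escaper doubles the trail byte of a real
    #    character, so the server sees that character plus a stray backslash.
    results["naive_corrupts_legit"] = (
        naive_escape(LEGIT).decode("gbk") != LEGIT.decode("gbk"))
    results["aware_keeps_legit"] = charset_escape(LEGIT, "gbk") == LEGIT

    # 2. Quote confusion: 0xBF 0x5C 0x27 decodes under GBK as one character
    #    followed by an unescaped quote, so the literal is closed early.
    results["naive_leaks_quote"] = has_unescaped_quote(naive_escape(HOSTILE), "gbk")
    try:
        charset_escape(HOSTILE, "gbk")
        results["aware_rejects_hostile"] = False
    except ValueError:
        results["aware_rejects_hostile"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the model makes is that an escaper has to know which bytes are whole characters, and it can only know that if it is told the same character set the server will use to parse the query; that is what the "real" variant takes from the connection, which is also why the character set should be set through the connection API rather than with a bare SET NAMES. The mysql_* extension has since been removed from PHP (along with mysql_escape_string()); mysqli_real_escape_string() and PDO are the successors, and prepared statements with bound parameters sidestep the escaping question altogether.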