Hi All,
I am using the below function, named "protect", and passing every POST variable through it before using it in my PHP script.
function protect($string){
    $string = trim(strip_tags(addslashes($string)));
    return $string;
}
And then using it as below --
$Customer_id = protect($_POST['cust_id']);
My question is which is more secure, the below mysql_real_escape_string or the above protect function --
$Customer_id = mysql_real_escape_string($_POST['cust_id']);
In both cases I am going to use the $Customer_id in the MySQL query, so I am just worried about which one is more secure injection-wise.
Thanks
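
Added example, not part of the original post: it runs the posted protect() against a constructed table and compares string concatenation with an integer check plus a bound parameter. Assumptions: the id is placed unquoted in the WHERE clause, an in-memory SQLite database via PDO stands in for MySQL so the script runs offline, and findCustomer() is a hypothetical helper; mysql_real_escape_string() would also leave this constructed input unchanged, since it contains no quote or backslash.

```php
<?php
// Added example: table, rows and input values are constructed for illustration.

// The function from the post, unchanged in behaviour.
function protect($string) {
    return trim(strip_tags(addslashes($string)));
}

// In-memory SQLite stands in for MySQL (assumption, so the script runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO customers (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed input with no quote, backslash or tag: escaping has nothing to change.
$input = '1 OR 1=1';

// 1) Escaped value concatenated into an unquoted numeric context.
//    The condition, not just the value, now comes from the request.
$escaped = protect($input);
$sql = "SELECT name FROM customers WHERE id = $escaped";
$rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
printf("protect() + concatenation: %s => %d row(s)\n", $sql, count($rows));

// 2) Hypothetical helper: validate the type, then bind the value as a parameter,
//    so the input can never become part of the SQL text.
function findCustomer(PDO $db, $raw) {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: reject before touching the database
    }
    $stmt = $db->prepare('SELECT name FROM customers WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

foreach ([$input, '2', '99'] as $candidate) {
    $result = findCustomer($db, $candidate);
    printf("bound parameter, input %-10s => %s\n",
        var_export($candidate, true), var_export($result, true));
}
```

With MySQL the same pattern applies through PDO's mysql driver or mysqli prepared statements.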