Question and answer is powered by AnsPress.io
Is there an SQL injection possibility even when using mysql_real_escape_string()
function?
$login = mysql_real_escape_string(GetFromPost('login')); $password = mysql_real_escape_string(GetFromPost('password')); $sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";