[RESOLVED] mysql_real_escape_string()??

verN

when is it bst to use
$num= mysql_real_escape_string($num);
after an sql statement or before

thanks

suntra

Before, it's not use to use it after...

mysql_real_escape_string() will escape a string before its insertion in a DB to prevent any form of code to be executed. For example, quotes are added a backslash before (" => \"), and so on.

As they always say, "Never trust user's input !"

verN

just to confirm before it is

suntra

More info at www.php.net/mysql_real_escape_string