Is this a good way to prevent SQL injection before running a database query?
$name = mysql_real_escape_string(stripslashes($name));
$age = mysql_real_escape_string(stripslashes($age));
$location = mysql_real_escape_string(stripslashes($location));
Thanks in advance!
See Question&Answers more detail:os