diff --git a/language-snippets.ent b/language-snippets.ent index 8867eb60ea..dd7482101f 100644 --- a/language-snippets.ent +++ b/language-snippets.ent @@ -1676,6 +1676,13 @@ linkend="book.mysqlnd">mysqlnd.'> hand-shake/authentication, which mysqlnd will use.Libmysqlclient uses the default charset set in the my.cnf or by an explicit call to mysqli_options prior to calling mysqli_real_connect, but after mysqli_init.'> + +Security warning: SQL injectionIf the query contains any variable +input then parameterized +prepared statements should be used instead. Alternatively, the +data must be properly formatted and all strings must be escaped using +the mysqli_real_escape_string +function.'> This function is supported when PHP diff --git a/reference/mysqli/mysqli/multi-query.xml b/reference/mysqli/mysqli/multi-query.xml index dc30f7f0de..9667c67358 100644 --- a/reference/mysqli/mysqli/multi-query.xml +++ b/reference/mysqli/mysqli/multi-query.xml @@ -42,9 +42,7 @@ The query, as a string. - - Data inside the query should be properly escaped. - + &mysqli.sqlinjection.warning; diff --git a/reference/mysqli/mysqli/query.xml b/reference/mysqli/mysqli/query.xml index 3df7427eed..e240544576 100644 --- a/reference/mysqli/mysqli/query.xml +++ b/reference/mysqli/mysqli/query.xml @@ -77,17 +77,7 @@ The query string. - - Security warning: SQL injection - - If the query contains any variable input then - parameterized - prepared statements should be used instead. Alternatively, the - data must be properly formatted and all strings must be escaped using - the mysqli_real_escape_string - function. - - + &mysqli.sqlinjection.warning; diff --git a/reference/mysqli/mysqli/real-query.xml b/reference/mysqli/mysqli/real-query.xml index e4e5f08fc5..b7a2e4e42d 100644 --- a/reference/mysqli/mysqli/real-query.xml +++ b/reference/mysqli/mysqli/real-query.xml 
@@ -42,17 +42,7 @@ The query string. - - Security warning: SQL injection - - If the query contains any variable input then - parameterized - prepared statements should be used instead. Alternatively, the - data must be properly formatted and all strings must be escaped using - the mysqli_real_escape_string - function. - - + &mysqli.sqlinjection.warning;
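Review bot: In the new warning entity added to language-snippets.ent, the fallback sentence "the data must be properly formatted and all strings must be escaped" never says what "properly formatted" means. Escaping with mysqli_real_escape_string only protects a value that is also enclosed in quotes in the query, and it does nothing for values used as numbers or identifiers. Because this text is now shared by three pages, consider tightening it once here, for example: "string values must be escaped with mysqli_real_escape_string and enclosed in quotes; any other value must be validated or cast".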
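Review bot: In reference/mysqli/mysqli/multi-query.xml, the shared warning tells readers that prepared statements "should be used instead", but a prepared statement takes a single SQL statement, so on this page the advice really means "do not pass variable input to multi_query; run the statements separately as prepared statements". Consider adding one sentence after &mysqli.sqlinjection.warning; that says so. The removed line only asked for escaping, and this is the page where unescaped input can append whole extra statements.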
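Review bot: For the query.xml and real-query.xml hunks, check that the entity defined in language-snippets.ent keeps the warning markup and any links the removed blocks carried for "parameterized prepared statements" and mysqli_real_escape_string. The wording matches the removed text, but a markup mistake in the single entity definition would now affect all three pages at once, so render each page after the change to confirm.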