When should i use mysql_real_escape_string?
Is it only when i'm inserting rows into a database? Or only when i have user input?
Thanks
You should use mysql_real_escape_string() whenever you're building a query that will be run against the database. Any user input that is being used to build a database query should be run through this function. This will prevent sql injection attacks.
User inputs are your big area of concern when it comes to this.