Just a quick question regarding PHP/MySQL security:
Does mysql_real_escape_string() provide sufficient protection to safely write user-submitted data to a database without any further validation? In other words, would the following be considered secure code:
<?php
$data = mysql_real_escape_string($_POST['BigTextField']);
mysql_query("INSERT INTO Table SET BigTextField='$data'");
?>
I’m aware this could cause problems if/when the data is retrieved and displayed to users, but right now I’m mainly concerned with whether this code is secure from the standpoint of MySQL or PHP injection attacks.
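
An added example, not part of the original post: the same insert written with a mysqli prepared statement, so the submitted value travels as a bound parameter instead of being spliced into the SQL string. The connection details, the 65535-byte limit and the function name `insertBigText` are assumptions made for illustration.

```php
<?php
// Added example: assumes the mysqli extension and a reachable MySQL server.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw exceptions

const MAX_BIGTEXT_BYTES = 65535; // assumed limit (capacity of a MySQL TEXT column)

function insertBigText(mysqli $db, string $data): void
{
    // Validation is a separate concern from injection safety:
    // reject input the column could not hold anyway.
    if (strlen($data) > MAX_BIGTEXT_BYTES) {
        throw new InvalidArgumentException('BigTextField is too long');
    }

    // The SQL text is fixed; the value for ? is sent separately from the statement.
    // `Table` is backquoted because TABLE is a reserved word in MySQL.
    $stmt = $db->prepare('INSERT INTO `Table` SET BigTextField = ?');
    $stmt->bind_param('s', $data);
    $stmt->execute();
    $stmt->close();
}

// Placeholder connection details (hypothetical host, user, password, schema).
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');

// Declare the connection character set through the API so client and
// server agree on how the bytes of the value are interpreted.
$db->set_charset('utf8mb4');

// Accept only a scalar string; a request can also submit BigTextField[] as an array.
if (isset($_POST['BigTextField']) && is_string($_POST['BigTextField'])) {
    insertBigText($db, $_POST['BigTextField']);
}
```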