Hi all,
Do we use mysql_real_escape_string and htmlspecialchars while matching the values from the database?
PHP Code:
<?php
$user_id = mysql_real_escape_string($_POST['user_id']);
if ($user_id == $row['user_id'])
{
    /* do something */
}
?>
or
PHP Code:
<?php
$user_id = mysql_real_escape_string($_POST['user_id']);
if ($user_id == mysql_real_escape_string($row['user_id']))
{
    /* do something */
}
?>
or
PHP Code:
<?php
$user_id = mysql_real_escape_string($_POST['user_id']);
if ($user_id == htmlspecialchars($row['user_id']))
{
    /* do something */
}
?>
vineet


