mysql_real_escape_string

$query="select id from myTable1 where title='".$_POST['myVar']."' " ;

The code above works fine.

And the code below also works fine.

$title = mysql_real_escape_string($_POST['myVar']);
$query="select id from myTable1 where title='".$title."' " ;

What’s the meaning of "$title = mysql_real_escape_string($_POST['myVar']);"?
How does it prevent SQL injection?

[B]Read the manual!!![/B]

1. Go to php.net
2. Type “mysql_real_escape_string” in the search box in the top right.
3. Read and you will learn.

I’ll give you the link

RTFM (Read This For More)

Yesterday you mentioned that language is a barrier to reading the manual, but there is a wide range of languages you can choose from to view the manual.

Also, some examples of SQL injection

Thank you for your kind suggestion of the link, although I already found the link through Raffles' guide.

Language is one of the barriers.

Korean: http://docs.php.net/manual/kr/function.mysql-real-escape-string.php
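
How the escaping changes the query text, shown as an added example that is not part of the original thread. `escape_like_mysql()` and `build_query()` are hypothetical helpers and the sample inputs are constructed. The escaped value only helps if it is the value actually concatenated into the query.

```php
<?php
// Added example, not code from the thread. escape_like_mysql() is a
// hypothetical stand-in that mirrors the characters the PHP manual lists for
// mysql_real_escape_string() (NUL, \n, \r, \, ', ", Ctrl-Z), so the script
// runs without a database connection. It ignores the connection character
// set, which the real function takes into account.
function escape_like_mysql(string $value): string
{
    return strtr($value, [
        "\\"   => "\\\\",
        "\x00" => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

// Builds the same query string as the thread, from a given title value.
function build_query(string $title): string
{
    return "select id from myTable1 where title='" . $title . "' ";
}

// Constructed sample inputs standing in for $_POST['myVar'].
$samples = [
    "Hello World",
    "O'Reilly",       // legitimate value that breaks the unescaped query
    "x' OR '1'='1",   // value that changes the WHERE clause if unescaped
];

foreach ($samples as $input) {
    echo "input:     ", $input, "\n";
    echo "unescaped: ", build_query($input), "\n";
    echo "escaped:   ", build_query(escape_like_mysql($input)), "\n\n";
}

// mysql_* was removed in PHP 7. With PDO the value is bound, not concatenated
// ($pdo is an assumed, already-open PDO connection):
//   $stmt = $pdo->prepare('select id from myTable1 where title = ?');
//   $stmt->execute([$_POST['myVar']]);
```

In the escaped output every quote from the input is preceded by a backslash, so MySQL reads it as a character inside the string literal rather than as the end of it.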