TheFilmGod Posted June 23, 2008

In one of my tables in MySQL I will have a name field. Some names can be O'Brien and thus they have a quote. So during my validation step I will allow names to contain single quotes. Can anyone please explain the extra precautions I may have to take to ensure that the inputted names don't inject into MySQL and maliciously corrupt the system?

jaymc Posted June 23, 2008

    $name = mysql_real_escape_string($_GET['name']);

That will do everything needed to make sure dynamic user-controlled input can't screw your query up.

TheFilmGod (Author) Posted June 23, 2008

> $name = mysql_real_escape_string($_GET['name']);
> That will do everything needed to make sure dynamic user-controlled input can't screw your query up.

Isn't this deprecated? Or am I getting confused with some other MySQL quote function? And what exactly does the function do?
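
An added example, not part of the thread: a name such as O'Brien sent to a query unescaped, escaped, and through a prepared statement (a different technique from the escaping function named above). It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs without a server, and a made-up `people` table.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.
// The table and column names are made up for the illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

$name = "O'Brien"; // constructed sample input, as in the question

// 1. Unescaped concatenation: the quote in the name ends the string literal
//    early, so the statement no longer parses.
$sql = "INSERT INTO people (name) VALUES ('$name')";
try {
    $db->exec($sql);
    $naive = 'stored';
} catch (PDOException $e) {
    $naive = 'rejected: ' . $e->getMessage();
}
echo "naive   : $sql\n          $naive\n";

// 2. Escaping: the driver's quote() rewrites the value so the quote is data.
//    SQLite doubles the quote; mysql_real_escape_string() puts a backslash
//    before it instead. Same purpose, different syntax.
$quoted = $db->quote($name);
$sql = "INSERT INTO people (name) VALUES ($quoted)";
$db->exec($sql);
echo "escaped : $sql\n";

// 3. Prepared statement: the value is bound separately from the SQL text,
//    so there is nothing to escape.
$stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
$stmt->execute([':name' => $name]);
echo "prepared: INSERT INTO people (name) VALUES (:name)\n";

// Both stored rows hold the name exactly as it was typed.
foreach ($db->query('SELECT id, name FROM people') as $row) {
    echo "row {$row['id']}: {$row['name']}\n";
}
```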