TheFilmGod Posted June 23, 2008

In one of my tables in MySQL I will have a name field. Some names can be O'Brien and thus they have a quote. So during my validation step I will allow names to contain single quotes. Can anyone please explain the extra precautions I may have to take to ensure that the inputted names don't inject into MySQL and maliciously corrupt the system?

jaymc Posted June 23, 2008

$name = mysql_real_escape_string($_GET['name']);

That will do everything needed to make sure dynamic user-controlled input can't screw your query up.

TheFilmGod (Author) Posted June 23, 2008

> $name = mysql_real_escape_string($_GET['name']);
>
> That will do everything needed to make sure dynamic user-controlled input can't screw your query up.

Isn't this deprecated? Or am I getting confused with some other MySQL quote function? And what exactly does the function do?
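
Added example, not part of the thread: the O'Brien input from the question handled with a PDO prepared statement, the parameter-binding alternative to escaping with mysql_real_escape_string (the mysql_* extension was removed in PHP 7.0). It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline; the table and column names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: SQLite in-memory stands in for MySQL so the script runs offline.
// Table and column names (people, name) are assumptions, not from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample inputs: a legitimate name containing a quote, and a
// string that closes the literal early and carries SQL-looking text.
$inputs = ["O'Brien", "x' OR '1'='1"];

// 1) Concatenation: the quote in O'Brien ends the string literal early,
//    so even an honest name produces a broken statement.
try {
    $pdo->exec("INSERT INTO people (name) VALUES ('" . $inputs[0] . "')");
    echo "concatenated insert succeeded\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed; values travel separately
//    and are never parsed as SQL, so no escaping step is needed.
$insert = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
foreach ($inputs as $name) {
    $insert->execute([':name' => $name]);
}

// The same rule applies to reads: bind the value, do not splice it in.
$select = $pdo->prepare('SELECT id, name FROM people WHERE name = :name');
foreach ($inputs as $name) {
    $select->execute([':name' => $name]);
    $rows = $select->fetchAll(PDO::FETCH_ASSOC);
    printf("lookup %-16s -> %d row(s)\n", var_export($name, true), count($rows));
}

// For MySQL only the connection changes (placeholder DSN and credentials):
// $pdo = new PDO('mysql:host=HOST;dbname=DB;charset=utf8mb4', 'USER', 'PASS');
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
```

Both inputs are stored and matched as plain text: each lookup returns only the row whose name equals the bound value.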