robert_gsfame, posted January 22, 2010

how can i use mysql_real_escape_string() when i have the following query

SELECT * FROM $table WHERE $search LIKE '%$data%' AND user_id='$userid'

thx in advance

Andy-H, posted January 22, 2010

$query = "SELECT * FROM " . $table . " WHERE " . mysql_real_escape_string($search) . " LIKE '%" . mysql_real_escape_string($data) . "%' AND user_id=" . (int)$userid;

Assuming a valid mysql connection has been previously established, $table is safe (hardcoded) data supplied by yourself and userid is an integer.

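An added example, not part of the original posts: mysql_real_escape_string() only protects values placed inside quoted string literals, so the column name in $search needs an allow-list check, and the % and _ wildcards in $data need their own escaping for LIKE. The sketch below uses PDO prepared statements (the mysql_* extension was removed in PHP 7.0). Assumptions: an in-memory SQLite database stands in for the MySQL connection so the code runs offline, and the `items` table, its columns, `SEARCHABLE_COLUMNS` and `searchItems()` are hypothetical names.

```php
<?php
// Added example: constructed schema and data, not from the thread.
// SQLite in memory stands in for the MySQL connection so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT, notes TEXT)');
$pdo->exec("INSERT INTO items (user_id, title, notes) VALUES
    (1, '100% cotton', 'shirt'),
    (1, '100 cotton balls', 'bathroom'),
    (2, '100% wool', 'other user')");

// Hypothetical allow-list: the only column names a caller may search on.
const SEARCHABLE_COLUMNS = ['title', 'notes'];

function searchItems(PDO $pdo, string $search, string $data, int $userId): array
{
    // Identifiers cannot be bound as parameters and string escaping does
    // not protect them, so accept only exact matches from the allow-list.
    if (!in_array($search, SEARCHABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('Unsupported search column');
    }

    // Escape LIKE metacharacters so '%' and '_' in user input match literally.
    $pattern = '%' . strtr($data, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    // The table name is hardcoded; the values travel as bound parameters.
    $sql = "SELECT id, title FROM items WHERE $search LIKE :pattern ESCAPE '!' AND user_id = :uid";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Search user 1's rows for a literal "100%" in the title column.
print_r(searchItems($pdo, 'title', '100%', 1));

// This string contains no quote characters, so string escaping would leave
// it unchanged; the allow-list rejects it before any SQL is built.
try {
    searchItems($pdo, 'title OR 1=1', 'x', 1);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```
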
robert_gsfame (Author), posted January 22, 2010

thx andy-H!!

Andy-H, posted January 22, 2010

No problem