robert_gsfame Posted January 22, 2010 Share Posted January 22, 2010 how can i use mysql_real_escape_string() when i have the following query SELECT * FROM $table WHERE $search LIKE '%$data%' AND user_id='$userid' thx in advance Link to comment https://forums.phpfreaks.com/topic/189382-mysql_real_escape_string-problem/ Share on other sites More sharing options...
Andy-H Posted January 22, 2010 Share Posted January 22, 2010 $query = "SELECT * FROM " . $table . " WHERE " . mysql_real_escape_string($search) . " LIKE '%" . mysql_real_escape_string($data) . "%' AND user_id=" . (int)$userid; Assuming a valid mysql connection has been previously establised, $table is safe (hardcoded) data supplied by yourself and userid is an integer. Link to comment https://forums.phpfreaks.com/topic/189382-mysql_real_escape_string-problem/#findComment-999700 Share on other sites More sharing options...
robert_gsfame Posted January 22, 2010 Author Share Posted January 22, 2010 thx andy-H!! Link to comment https://forums.phpfreaks.com/topic/189382-mysql_real_escape_string-problem/#findComment-999705 Share on other sites More sharing options...
Andy-H Posted January 22, 2010 Share Posted January 22, 2010 No problem Link to comment https://forums.phpfreaks.com/topic/189382-mysql_real_escape_string-problem/#findComment-999706 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.