robert_gsfame Posted January 24, 2010

I am new to mysql_real_escape_string(), but I wish to use it as it might help protect me from SQL injection attacks. Let's say a user inserts this record: myname"james". Then I will have it in my database like this: myname\"james\", and when I retrieve it from my database I will get the same. What should I do? Do I need anything else besides mysql_real_escape_string()?

https://forums.phpfreaks.com/topic/189593-mysql_real_escape_string-question/

Catfish Posted January 24, 2010

If there are slashes you want to remove from a string, use stripslashes(): http://au.php.net/manual/en/function.stripslashes.php

robert_gsfame Posted January 24, 2010

Do I have to put this in when retrieving the record?

laffin Posted January 24, 2010

On any record that uses mysql_real_escape_string, yes.

robert_gsfame Posted January 24, 2010

But let's say I have this inside my database: myname"\james\", and I use stripslashes() to retrieve the data into my textbox. Then it goes like this: myname. Is it correct if I use htmlspecialchars() or htmlentities for this?

Archived
This topic is now archived and is closed to further replies.
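
The round trip asked about in this thread, as an added example that is not part of any post: the value is stored through a bound parameter and escaped for HTML only when it is written into the textbox. It assumes PHP with the pdo_sqlite extension (in-memory SQLite standing in for MySQL); the users table and the functions store_name() and textbox() are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for MySQL so it runs offline.
// Table "users" and both function names are hypothetical.

// Store the value exactly as typed: a bound parameter is never parsed as SQL,
// so no escaping function is applied and no backslashes reach the table.
function store_name(PDO $db, string $name): int
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

// Escape for HTML only at output time. ENT_QUOTES turns " into &quot;, so the
// value cannot close the value="..." attribute early.
function textbox(string $name): string
{
    return '<input type="text" name="name" value="'
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '">';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

$input = 'myname"james"';            // constructed input, as in the first post
$id = store_name($db, $input);

$stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);
$stored = $stmt->fetchColumn();
$stmt->closeCursor();

// The stored value is byte-for-byte the input, so stripslashes() is not needed.
var_dump($stored === $input);

// Unescaped, the first " ends the attribute and the textbox shows only "myname".
echo '<input type="text" name="name" value="' . $stored . '">', PHP_EOL;
// Escaped for HTML, the full value survives the round trip.
echo textbox($stored), PHP_EOL;

// Constructed contrast: input escaped before binding is stored with its
// backslashes intact. addslashes() stands in for magic_quotes_gpc, one
// possible cause of the backslashes seen in the thread (an assumption).
$id2 = store_name($db, addslashes($input));
$stmt->execute([':id' => $id2]);
var_dump($stmt->fetchColumn());
```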