robert_gsfame Posted January 24, 2010 Share Posted January 24, 2010 I am new to mysql_real_escape_string() but i wish to use this as it might help preventing me from sql_injection attack. If let say users insert this record myname"james" then i will have it in my database like this myname\"james\" and when i retrieve it from my database i will get the same either.. What should i do?? do i need anything else besides mysql_real_escape_string() ?? Quote Link to comment Share on other sites More sharing options...
Catfish Posted January 24, 2010 Share Posted January 24, 2010 if there's slashes you want to remove from a string use stripslashes() - http://au.php.net/manual/en/function.stripslashes.php Quote Link to comment Share on other sites More sharing options...
robert_gsfame Posted January 24, 2010 Author Share Posted January 24, 2010 do i have to put this when retrieving the record?? Quote Link to comment Share on other sites More sharing options...
laffin Posted January 24, 2010 Share Posted January 24, 2010 on any record that uses mysql_real_escape_string, yes. Quote Link to comment Share on other sites More sharing options...
robert_gsfame Posted January 24, 2010 Author Share Posted January 24, 2010 but let say i have this inside my database myname"\james\" and i use stripslashes() to retrieve the data into my textbox then it goes like this myname Is it correct if i use htmlspecialchars() or htmlentities for this Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.