steviemac
Posted January 3, 2012

Could someone tell me if this is the proper use of mysql_real_escape_string or is there something better or more code that I can use to help prevent SQL injections?

    $find = mysql_real_escape_string($find);
    $data = mysql_query("SELECT * FROM myuser WHERE upper(email) ='$find' LIMIT 1");
    while($result = mysql_fetch_array( $data ))
    {
        echo "Success";
    }

Thank you for your help.

premiso
Posted January 3, 2012

It looks proper to me. If you want to better prevent against SQL Injections, look into using Prepared Statements via PDO / MySQLi.

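The prepared-statement approach suggested in the reply above, applied to the lookup from the first post. This is an added example, not code from either poster. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the MySQL server so it runs offline; the sample rows and inputs, the function name `findUserByEmail`, and the upper-casing of `$find` are assumptions.

```php
<?php
// Added example: the query from the first post rewritten as a PDO prepared statement.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
// Against MySQL, use a DSN such as 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4'
// (HOST and DBNAME are placeholders) and also set PDO::ATTR_EMULATE_PREPARES => false
// so the server, not the client library, binds the values.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed sample data; only the table and column names come from the post.
$pdo->exec('CREATE TABLE myuser (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO myuser (email) VALUES ('alice@example.com')");

// Hypothetical helper: returns the matching row, or null when there is none.
function findUserByEmail(PDO $pdo, string $find): ?array
{
    // The SQL text is fixed at prepare time. The value travels separately as a
    // bound parameter, so quotes inside it are data and never become SQL syntax.
    $stmt = $pdo->prepare('SELECT * FROM myuser WHERE upper(email) = :email LIMIT 1');

    // Assumption: the post compares against upper(email), so $find is
    // upper-cased here before binding.
    $stmt->execute([':email' => strtoupper($find)]);

    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed inputs: one stored address and one string containing quote characters.
$inputs = ['alice@example.com', "x' OR '1'='1"];

foreach ($inputs as $input) {
    $row = findUserByEmail($pdo, $input);
    echo str_pad($input, 20), ' => ', $row !== null ? 'Success' : 'no match', PHP_EOL;
}
```

No escaping call is needed on `$find` in this form, because the value is never concatenated into the query string.
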
steviemac
Posted January 3, 2012

Thanks for your help

Archived
This topic is now archived and is closed to further replies.