nbbcj Posted May 28, 2012 Share Posted May 28, 2012 hi all im a noob and still learning but this sql inject rattles my brain lol will this protect me $add_pn = mysql_real_escape_string($_POST['pro_name']); and what do i use with this $id=mysql_result($result,$i,"id"); Quote Link to comment https://forums.phpfreaks.com/topic/263240-sql-inject/ Share on other sites More sharing options...
Pikachu2000 Posted May 28, 2012 Share Posted May 28, 2012 First question: Yes, as long as the value is a string, and quoted in the query. Second question: Nothing. Quote Link to comment https://forums.phpfreaks.com/topic/263240-sql-inject/#findComment-1349088 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.