nbbcj Posted May 28, 2012 Share Posted May 28, 2012 hi all im a noob and still learning but this sql inject rattles my brain lol will this protect me $add_pn = mysql_real_escape_string($_POST['pro_name']); and what do i use with this $id=mysql_result($result,$i,"id"); Link to comment https://forums.phpfreaks.com/topic/263240-sql-inject/ Share on other sites More sharing options...
Pikachu2000 Posted May 28, 2012 Share Posted May 28, 2012 First question: Yes, as long as the value is a string, and quoted in the query. Second question: Nothing. Link to comment https://forums.phpfreaks.com/topic/263240-sql-inject/#findComment-1349088 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.