MjM8082 Posted August 10, 2012

What exactly does mysql_real_escape_string do? And please give examples, not just what it is. Thanks

MMDE Posted August 10, 2012

http://php.net/manual/en/function.mysql-real-escape-string.php

"Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: mysqli_real_escape_string(), PDO::quote()"

I guess you are following my advice and are attempting to sanitize the users' input, but I wouldn't recommend using mysql_real_escape_string to do so.

peipst9lker Posted August 10, 2012

The function escapes characters like ' and " to prevent MySQL injections, which is a sort of attack to gain access to your database without permission.

$query = "SELECT * FROM table WHERE name = '".mysql_real_escape_string($userinput)."'";
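
Added example, not part of any post in this thread: the escaping rules the PHP manual documents for mysql_real_escape_string(), applied to constructed inputs, plus the case where escaping alone does not protect a query (a value placed outside quotes). The function emulate_real_escape() and the table name users are hypothetical; the real function needs an open connection and honours its character set, which this stand-in does not.

```php
<?php
// Hypothetical stand-in for illustration only. It applies the documented
// escaping rules of mysql_real_escape_string(): a backslash is put in front
// of NUL, \n, \r, \, ', " and Ctrl-Z. It ignores the connection charset.
function emulate_real_escape(string $s): string
{
    // strtr() with an array replaces each match once and never rescans
    // its own output, so the added backslashes are not escaped again.
    return strtr($s, [
        "\\"   => "\\\\",  // backslash
        "\0"   => "\\0",   // NUL byte
        "\n"   => "\\n",   // newline
        "\r"   => "\\r",   // carriage return
        "'"    => "\\'",   // single quote
        '"'    => '\\"',   // double quote
        "\x1a" => "\\Z",   // Ctrl-Z
    ]);
}

// Constructed sample inputs: raw value on the left, escaped on the right.
$samples = ["O'Reilly", 'say "hi"', "back\\slash", "line1\nline2"];
foreach ($samples as $raw) {
    printf("%-18s => %s\n", json_encode($raw), emulate_real_escape($raw));
}

// 1) Quoted context: every quote in the input is escaped, so the whole
//    value stays inside the string literal and is treated as data.
$name = "x' OR '1'='1";  // constructed input
echo "SELECT * FROM users WHERE name = '" . emulate_real_escape($name) . "'\n";

// 2) Unquoted numeric context: the input contains none of the escaped
//    characters, so it passes through unchanged and is parsed as SQL.
$id = "1 OR 1=1";        // constructed input
echo "SELECT * FROM users WHERE id = " . emulate_real_escape($id) . "\n";

// For numeric values, validate the type instead of escaping.
$checked = filter_var($id, FILTER_VALIDATE_INT);
if ($checked === false) {
    echo "rejected: id is not an integer\n";
}

// With MySQLi or PDO_MySQL (the extensions the quoted manual text points to),
// bound parameters in a prepared statement keep values out of the SQL text
// entirely, so neither case above depends on escaping.
```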
Archived
This topic is now archived and is closed to further replies.