MjM8082 Posted August 10, 2012

What exactly does mysql_real_escape_string do? And please give examples, not just what it is. Thanks

MMDE Posted August 10, 2012

http://php.net/manual/en/function.mysql-real-escape-string.php

"Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: mysqli_real_escape_string() PDO::quote()"

I guess you are following my advice and are attempting to sanitize the users' input, but I wouldn't recommend using mysql_real_escape_string to do so.

peipst9lker Posted August 10, 2012

The function escapes characters like ' and " to prevent MySQL injections, which are a sort of attack to gain access to your database without permission.

$query = "SELECT * FROM table WHERE name = '".mysql_real_escape_string($userinput)."'";
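
What the escaping in the posts above does to a value, where it stops helping, and the PDO route the quoted manual text points to, as an added example that is not part of any post in this thread. The helper escape_like_mysql(), the users table and all input strings are constructed for illustration; SQLite in memory stands in for MySQL only so the script runs without a server.

```php
<?php
// Added illustration, not code from the thread. escape_like_mysql() is a
// hypothetical stand-in: it prepends a backslash to the characters the PHP
// manual lists for mysql_real_escape_string (NUL, \n, \r, \, ', ", Ctrl-Z)
// and, unlike the real function, ignores the connection character set.
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Constructed inputs: an ordinary name and a string containing quotes.
$inputs = ["O'Reilly", "x' OR '1'='1"];

// 1) Quoted string context: every ' is escaped, so the value cannot end
//    the string literal it was placed in.
foreach ($inputs as $in) {
    echo "SELECT * FROM users WHERE name = '" . escape_like_mysql($in) . "'\n";
}

// 2) Unquoted numeric context: nothing in this value needs escaping, so it
//    reaches the SQL text unchanged. Escaping only helps inside quotes.
$id = "1 OR 1=1"; // constructed input
echo "SELECT * FROM users WHERE id = " . escape_like_mysql($id) . "\n";
// Validating the type closes that gap:
echo "SELECT * FROM users WHERE id = " . (int) $id . "\n";

// 3) Prepared statement: the value travels separately from the SQL text.
//    SQLite in memory is an assumption made so this runs offline; with
//    PDO_MySQL the prepare()/execute() calls are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

$stmt = $pdo->prepare("SELECT name FROM users WHERE name = ?");
foreach (["alice", "x' OR '1'='1"] as $in) {
    $stmt->execute([$in]);
    printf("%-14s -> %d row(s)\n", $in, count($stmt->fetchAll()));
}
```

The first two sections only print the SQL text that would be sent; the third actually executes against the in-memory table.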