Guest Posted February 18, 2013 Share Posted February 18, 2013 Hi Everyone, I have a form on my website where I allow people in insert information. That information will go into my database. My question is, how do I make sure the user/visitor isn't inputting apostrophe's into my database? Below I'm using the ergi_replace function which doesn't seem to work. What else can i do? $variable = stripslashes($variable); $variable = mysql_real_escape_string($variable); $variable = eregi_replace("'", " ", $variable); Thanks Link to comment https://forums.phpfreaks.com/topic/274641-protecting-against-a-mysql-attack/ Share on other sites More sharing options...
AyKay47 Posted February 18, 2013 Share Posted February 18, 2013 The user can input apostrophe's without tampering with the SQL code as long as mysql_real_escape_string() is called on the data before using it in the SQL statement. This will escape any potentially harmful characters so they are not parsed as literal characters. Link to comment https://forums.phpfreaks.com/topic/274641-protecting-against-a-mysql-attack/#findComment-1413190 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.