kwame123 Posted October 4, 2017 Share Posted October 4, 2017 (edited) <?php include($_SERVER['DOCUMENT_ROOT']."/ext/inc/header.php"); $q = $_REQUEST["q"]; $username = mysqli_real_escape_string($conn, $q); //echo $username."test<Br>"; echo $q; mysqli_close($conn); ?> $q is the string that is being typed in an input box on another page. $username wont echo but $q will. how to escape $q so i can use it in database quires? Edited October 4, 2017 by kwame123 Quote Link to comment Share on other sites More sharing options...
Solution Barand Posted October 4, 2017 Solution Share Posted October 4, 2017 (edited) Perhaps it doesn't echo because you commented out the line. Don't escape the variable, use prepared statements instead, binding the variable as a parameter. EDIT: BTW, PDO makes it a lot easier than mysqli Edited October 4, 2017 by Barand Quote Link to comment Share on other sites More sharing options...
kwame123 Posted October 4, 2017 Author Share Posted October 4, 2017 Perhaps it doesn't echo because you commented out the line. Don't escape the variable, use prepared statements instead, binding the variable as a parameter i commented out the line because the line didnt work. and okay i will look into it Quote Link to comment Share on other sites More sharing options...
kwame123 Posted October 4, 2017 Author Share Posted October 4, 2017 So something like this https://www.w3schools.com/php/func_mysqli_stmt_init.asp http://php.net/manual/en/mysqli-stmt.prepare.php Quote Link to comment Share on other sites More sharing options...
gizmola Posted October 4, 2017 Share Posted October 4, 2017 Yes. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.