kwame123 Posted October 4, 2017 Share Posted October 4, 2017 <?php include($_SERVER['DOCUMENT_ROOT']."/ext/inc/header.php"); $q = $_REQUEST["q"]; $username = mysqli_real_escape_string($conn, $q); //echo $username."test<Br>"; echo $q; mysqli_close($conn); ?> $q is the string that is being typed in an input box on another page. $username wont echo but $q will. how to escape $q so i can use it in database quires? Link to comment Share on other sites More sharing options...
Barand Posted October 4, 2017 Share Posted October 4, 2017 Perhaps it doesn't echo because you commented out the line. Don't escape the variable, use prepared statements instead, binding the variable as a parameter. EDIT: BTW, PDO makes it a lot easier than mysqli Link to comment Share on other sites More sharing options...
kwame123 Posted October 4, 2017 Author Share Posted October 4, 2017 Perhaps it doesn't echo because you commented out the line. Don't escape the variable, use prepared statements instead, binding the variable as a parameter i commented out the line because the line didnt work. and okay i will look into it Link to comment Share on other sites More sharing options...
kwame123 Posted October 4, 2017 Author Share Posted October 4, 2017 So something like this https://www.w3schools.com/php/func_mysqli_stmt_init.asp http://php.net/manual/en/mysqli-stmt.prepare.php Link to comment Share on other sites More sharing options...
gizmola Posted October 4, 2017 Share Posted October 4, 2017 Yes. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.