centenial Posted April 21, 2007

Hi,

Does anyone know of a good function that makes an SQL query "safe" to put inside the mysql_query() function? I tried the mysql_real_escape_string() function, but that saves a backslash in front of every quote I have in the database. Which is annoying.

Anyone have some advice?
Lumio Posted April 21, 2007

<?php
// Escape the value and wrap it in single quotes inside the SQL string
mysql_query("SELECT * FROM `table` WHERE `column` = '" . mysql_real_escape_string("foo='bar'") . "';");
?>
taith Posted April 21, 2007

This one is by far the best... there's nothing to mess around with...

$safe=htmlentities($string, ENT_QUOTES);

When you pull info out, just translate it back :-)
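Added example, not written by any poster in this thread: the query-safety problem discussed above handled with PDO bound parameters instead of string escaping, with HTML encoding applied only when the value is printed. It assumes PHP 7.1+ with the pdo_sqlite extension; the `notes` table, its `body` column and the helpers `save_note` and `load_note` are hypothetical, and the double escaping in step 2 is an assumed cause of the stored backslashes, not something the thread confirms.

```php
<?php
// Added example: table, column and helper names are hypothetical.
// An in-memory SQLite database keeps it self-contained; the same
// prepare()/execute() calls apply with the pdo_mysql driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

/** Store a value through a bound parameter; no manual escaping is involved. */
function save_note(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

/** Return the stored value exactly as the database holds it, or null. */
function load_note(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

$input = "foo='bar'"; // the quoted value used in the thread

// 1. Bound parameter: the quotes reach the table unchanged.
$clean = load_note($pdo, save_note($pdo, $input));
var_dump($clean === $input);

// 2. Assumption: escaping a value that another layer already handles
//    (here addslashes() on top of binding) stores literal backslashes.
$twice = load_note($pdo, save_note($pdo, addslashes($input)));
var_dump($twice);

// 3. Lookups bind the raw value too, so only the unescaped row matches.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM notes WHERE body = :body');
$stmt->execute([':body' => $input]);
var_dump((int) $stmt->fetchColumn());

// 4. HTML encoding is an output step for the page, not a storage step.
echo htmlentities($clean, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```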
This topic is now archived and is closed to further replies.