mysql_real_escape_string ?

Question

genieuk 0 Junior Poster

15 Years Ago

Hi,

Me again...

Just wanted to know, i have this piece of code to enter the data from a registration form of mine into the user db.

I want to use the mysql_real_escape_string to help stop those evil people who enjoys hacking from hacking my DB

$query = "INSERT INTO userinformation (username, first_name, last_name, email, password, date_time) VALUES ('$username', '$first_name', '$last_name', '$email', '$password', '$date_time')";

could someone tell me where i need to put the mysql_real_escape_string function to stop it happening, i am not sure where i place it by or how i code it,

thank you,
genieuk

mysql php sql

Edited 11 Years Ago by pritaeas because: Added markdown.

6 Contributors
6 Replies
278 Views
4 Years Discussion Span
Latest Post 11 Years Ago Latest Post by pritaeas

sarithak 0 Junior Poster

15 Years Ago

$username=mysql_real_escape_string($username);

write before the query

Hi,
Me again...
Just wanted to know, i have this piece of code to enter the data from a registration form of mine into the user db.
I want to use the mysql_real_escape_string to help stop those evil people who enjoys hacking from hacking my DB
$query = "INSERT INTO userinformation (username, first_name, last_name, email, password, date_time) VALUES ('$username', '$first_name', '$last_name', '$email', '$password', '$date_time')";
could someone tell me where i need to put the mysql_real_escape_string function to stop it happening, i am not sure where i place it by or how i code it,
thank you,
genieuk

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Aamit -7 Posting Whiz · Answer 1 · 2009-05-06T11:01:09+00:00

check out link..
http://in2.php.net/mysql_real_escape_string

hope will help you..

TopDogger 5 Junior Poster in Training · Answer 2 · 2009-05-07T05:17:54+00:00

TopDogger 5 Junior Poster in Training

15 Years Ago

This might also help.

Preventing SQL Injection

genieuk 0 Junior Poster · Answer 3 · 2009-05-07T06:25:21+00:00

This might also help.
Preventing SQL Injection

Thank you, althou i sorted it that is a very good read. Much appreciated.

Thanks very much.
genieuk

websak 0 Newbie Poster · Answer 4 · 2013-06-25T21:57:37+00:00

hi im new to preventing sql injection please could some tell me where i need to put this in the query??

$sql = "INSERT INTO voucher(Name, Email, FavouriteArtist, Gallery, VoucherValue, NewCustomer, Added_Time) 
                    VALUES ('{$name}','{$email}','{$featured_artist}','{$nearest_gallery}','50', 'NO', '".time()."')";

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 5 · 2013-06-26T07:26:33+00:00

Use MySQLi or PDO and use bound parameters instead of string concatenation.