This is my code, in which I am getting $_POST from an HTML form. I am using the mysql_real_escape_string function, which should escape characters like these:
\x00
\n
\r
\
'
"
\x1a
But when I enter these special characters in the form, they are going into the database. They should be escaped. I don't know why it is happening. Please, somebody help me!!!!!
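<?php
// Connect to the local MySQL server (credentials left blank in the post).
$con = mysql_connect("localhost", "", "");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("finalcomments", $con);

// Start from an empty value so the query never uses an undefined variable.
$name = '';
if (isset($_POST['name'])) {
    $_POST['name'] = trim($_POST['name']);
    // Escape the value for use inside a quoted SQL string literal.
    $name = mysql_real_escape_string($_POST['name']);
}

// Note: $title (the table name) is not defined in the code shown.
$sql = "INSERT INTO $title(name) VALUES ('$name')";
if (!mysql_query($sql, $con)) {
    die('Error: ' . mysql_error());
}
echo "Your Comment Will be Reviewed";
mysql_close($con);
?>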
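Added example, not part of the original post: it mimics the documented output of mysql_real_escape_string and the way the server reads a quoted literal, to show what the escaping does to the query text and what value reaches the column. The helper names, the `comments` table and the sample input are constructed for illustration.

```php
<?php
// Added illustration: helper names, table name and sample input are constructed.

// Mimics what mysql_real_escape_string() emits for a single-byte charset:
// each special byte gets a backslash in front (NUL -> \0, 0x1a -> \Z).
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ]);
}

// Mimics how the server reads the body of a quoted string literal, limited to
// the sequences the escaper above produces: the backslash is consumed again.
function decode_mysql_literal(string $body): string
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $len = strlen($body); $i < $len; $i++) {
        if ($body[$i] === '\\' && $i + 1 < $len) {
            $c = $body[++$i];
            $out .= $map[$c] ?? $c;          // \' -> '   \" -> "   \\ -> \
        } else {
            $out .= $body[$i];
        }
    }
    return $out;
}

// True if the text holds a ' preceded by an even number of backslashes,
// i.e. a quote that would end the surrounding string literal early.
function has_unescaped_quote(string $body): bool
{
    return preg_match("/(?<!\\\\)(?:\\\\\\\\)*'/", $body) === 1;
}

$input   = "O'Reilly said \"hi\" \\ bye";            // constructed form input
$escaped = escape_like_mysql($input);
$sql     = "INSERT INTO comments(name) VALUES ('$escaped')";

echo $sql, "\n";
var_dump(has_unescaped_quote($input));               // raw value in the literal
var_dump(has_unescaped_quote($escaped));             // escaped value in the literal
var_dump(decode_mysql_literal($escaped) === $input); // value the column receives
```

Escaping only covers values placed inside quotes, so the `$title` table name in the posted query is not protected by it and needs a fixed allow-list of table names. A parameterised query through mysqli or PDO stores the same value without manual escaping.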