Mudsaf Posted November 3, 2012

What is the best way to protect data from an HTML form to a database and still prevent MySQL injections? So far I've used mysql_real_escape_string(); but it adds \ to every '.

Ingolme Posted November 3, 2012

mysql_real_escape_string works. If you're getting more backslashes than you should, then your server probably has magic quotes activated. To make sure this doesn't happen, you can detect if magic quotes is enabled and then remove the slashes before applying mysql_real_escape_string:

    if (get_magic_quotes_gpc()) {
        // Undo the backslashes that magic quotes already added
        $data = stripslashes($data);
    }
    // Escape once, keeping the returned value
    $data = mysql_real_escape_string($data);

birbal Posted November 3, 2012

You can also use prepared statements, which are better than escaping. Also, if you have access to php.ini, you can set "magic_quotes_gpc" off from there.
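
The prepared-statement approach mentioned in the post above, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so it runs without a server; the table, column and function names are hypothetical.

```php
<?php
// Added example: table, column and function names are hypothetical.
// SQLite in memory keeps this runnable offline; for MySQL, swap the DSN for
// 'mysql:host=...;dbname=...;charset=utf8mb4' and pass credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server binds values:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample form input, standing in for $_POST.
$form = [
    ['author' => "O'Brien", 'body' => "It's working"],
    ['author' => "x' OR '1'='1", 'body' => 'quote-heavy input'],
];

// The SQL text is fixed; values travel separately as bound parameters,
// so quotes in the data are never parsed as SQL and need no escaping.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($form as $row) {
    $insert->execute([':author' => $row['author'], ':body' => $row['body']]);
}

// Look up rows by author using a bound parameter.
function findByAuthor(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The apostrophe is stored verbatim, with no backslash added.
$rows = findByAuthor($pdo, "O'Brien");
echo 'stored author: ', $rows[0]['author'], PHP_EOL;

// The quote-laden value is compared as plain data, so it matches only
// the single row that holds that exact string.
echo 'rows matched: ', count(findByAuthor($pdo, "x' OR '1'='1")), PHP_EOL;
```

Binding does not undo magic quotes: if magic_quotes_gpc is on, the backslashes are already in the input and would be stored as data.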

Mudsaf (Author) Posted November 8, 2012

Thank you, it was magic_quotes_gpc that was enabled, and it's fixed now.