What is the best way to convert stuff from form to SQL


Mudsaf
What is the best way to protect data going from an HTML form to the database while still preventing MySQL injections? So far I've used mysql_real_escape_string(), but it adds \ to every '.


mysql_real_escape_string works. If you're getting more backslashes than you should then your server probably has magic quotes activated. To make sure this doesn't happen, you can detect if magic quotes is enabled and then remove the slashes before applying mysql_real_escape_string:

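if (get_magic_quotes_gpc()) {
    // Undo the backslashes that magic quotes already added
    $data = stripslashes($data);
}
// Escape the value for use inside a quoted SQL string; keep the returned value
$data = mysql_real_escape_string($data);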


You can also use prepared statements, which are better than escaping. Also, if you have access to php.ini you can set "magic_quotes_gpc" off from there.
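The prepared-statement approach suggested above, as an added example that is not part of the original thread. It assumes PDO with the SQLite driver (in-memory, so it runs offline) and a hypothetical `comments` table; for MySQL only the DSN passed to `new PDO()` changes.

```php
<?php
// Added example. Assumptions: PDO + SQLite in-memory database, and a
// hypothetical `comments` table. Names here are illustrative only.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample form input, shaped like values read from $_POST.
$form = [
    ['author' => "O'Brien",      'body' => "It's working"],
    ['author' => "x' OR '1'='1", 'body' => 'quote-heavy input'],
];

// The SQL text is fixed; values are sent separately as bound parameters,
// so no manual escaping is done and no backslashes are added to the data.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
foreach ($form as $row) {
    $insert->execute([':author' => $row['author'], ':body' => $row['body']]);
}

// Look each author up again, also through a bound parameter.
$select = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
foreach ($form as $row) {
    $select->execute([':author' => $row['author']]);
    $found = $select->fetchAll(PDO::FETCH_ASSOC);

    // A quote-laden value is compared as plain data: it can only match
    // a row whose author column holds that same literal string.
    if (count($found) !== 1 || $found[0]['author'] !== $row['author']) {
        throw new RuntimeException('Unexpected lookup result for ' . $row['author']);
    }
    printf("%-14s -> %d row(s), stored as: %s\n",
        $row['author'], count($found), $found[0]['author']);
}
```

If magic quotes are enabled, the incoming values still carry the extra backslashes, so they need the same `stripslashes()` step before being bound.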
