Mysqli_Real_Escape_String Problem

mysqli_real_escape_string

5 replies to this topic

#1 hakouka

hakouka

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 3 January 2017 - 4:45 AM

Hello Larry!

I am learning from your book 4.

In the Ensuring Secure SQL chapter I wrote code like your example, but mysqli_real_escape_string is not working. I do everything like you, connecting to the database with

require ('include/mysqli_connect.php'); // Connect to the

and I input a name like kali' and another like fister"-* . But I find it in localhost under this same name, and when I print it in view user I find it just as I wrote it.

 

  • 0

#2 Larry

Larry

    Administrator/Writer

  • Administrators
  • 4749 posts
  • LocationState College, PA (USA)

Posted 4 January 2017 - 11:02 AM

I'm not quite following here. What makes you say that mysqli_real_escape_string() is not working?


  • 0

#3 hakouka

hakouka

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 4 January 2017 - 10:33 PM

Yes.


  • 0

#4 Larry

Larry

    Administrator/Writer

  • Administrators
  • 4749 posts
  • LocationState College, PA (USA)

Posted 6 January 2017 - 9:59 PM

No, sorry, I did not ask a yes/no question. My question is: what evidence do you have that it's not working? For example, if it wasn't working, when you provided a value like 

'; drop tables

the resulting query would break.


  • 0

#5 hakouka

hakouka

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 9 January 2017 - 3:08 PM

Thank you, Larry.

$fn = mysqli_real_escape_string($conn,trim($_POST['first_name']));

This is the code. When I input a last name like: larry']  or larry" , it is registered in the database with ' and " .


  • 0

#6 Larry

Larry

    Administrator/Writer

  • Administrators
  • 4749 posts
  • LocationState College, PA (USA)

Posted 9 January 2017 - 5:32 PM

Yes, that is correct. That is what it should be doing. What it's not doing is breaking the query, which shows that mysqli_real_escape_string() is working.


  • 0
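
What the last reply describes, as an added example that is not part of the thread or of the book's code: the escape characters exist only in the SQL text, so the value stored in the database is the input exactly as typed. It uses PDO with an in-memory SQLite database as a stand-in so it runs without a MySQL server (an assumption; PDO::quote() escapes a single quote by doubling it, where mysqli_real_escape_string() puts a backslash in front of it), and the users table is made up for the demonstration.

```php
<?php
// Added demonstration. SQLite in memory stands in for MySQL (assumption) so no
// server is needed; the "users" table is made up for the example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (first_name TEXT)');

// Values quoted in the thread.
$inputs = ["kali'", 'fister"-*', "larry']", "'; drop tables"];

foreach ($inputs as $raw) {
    // 1. No escaping: a single quote in the value closes the literal early.
    $db->beginTransaction();
    try {
        $db->exec("INSERT INTO users (first_name) VALUES ('$raw')");
        $unescaped = 'query ran';
    } catch (PDOException $e) {
        $unescaped = 'query broke';
    }
    $db->rollBack(); // discard anything the unescaped attempt changed

    // 2. Escaped: quote() wraps the value in quotes and escapes the ones inside.
    $sql = 'INSERT INTO users (first_name) VALUES (' . $db->quote($raw) . ')';
    $db->exec($sql);

    // 3. Read the row back: escaping lives only in the SQL text, not in the data.
    $stored = $db->query(
        'SELECT first_name FROM users ORDER BY rowid DESC LIMIT 1'
    )->fetchColumn();

    echo "input:      $raw\n";
    echo "unescaped:  $unescaped\n";
    echo "escaped:    $sql\n";
    echo "stored:     $stored\n";
    echo 'unchanged:  ' . ($stored === $raw ? 'yes' : 'no') . "\n\n";
}
```

The values containing a single quote break the unescaped query, while every escaped insert succeeds and the stored value comes back identical to the input, quotes included.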




