Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
hakouka

Mysqli_Real_Escape_String Problem

Recommended Posts

hello larry !

 

i learn your book 4,

in ensuring Secure SQL chapter i write like your example but the mysqli_real_escape_string is not working i do everything like you connecto to database with require ('include/mysqli_connect.php'); // Connect to theand i input name like kali' and i input like fister"-* . but i find him in localhost like this name and i print him in view user i find him like i write .

 

Share this post


Link to post
Share on other sites

No, sorry, I did not ask a yes/no question. My question is: what evidence do you have that it's not working? For example, if it wasn't working, when you provided a value like 

'; drop tables

the resulting query would break.

Share this post


Link to post
Share on other sites

thank you larry 

 

$fn = mysqli_real_escape_string($conn,trim($_POST['first_name']));

 

this is the code , when i input last name like : larry']  or larry" , is register in database with ' and " .

Share this post


Link to post
Share on other sites

Yes, that is correct. That is what it should be doing. What it's not doing is breaking the query, which shows that mysqli_real_escape_string() is working.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×