Showing results for tags 'mysqli_real_escape_string'.
-
Hello Larry! I am learning from your book 4. In the Ensuring Secure SQL chapter I wrote code like your example, but mysqli_real_escape_string is not working. I did everything like you: I connect to the database with require ('include/mysqli_connect.php'); // Connect to the and I input a name like kali' and I input one like fister"-* . But I find it in localhost exactly like this name, and when I print it in view users I find it just as I wrote it.
-
Dear Larry, I am a customer who purchased your book PHP and MySQL for Dynamic Website 4th edition. I am now reading chapter 9 and have reached the section Ensure Secure SQL. I found that we use the function mysqli_real_escape_string for security reasons. If you have the book in your hand, please open it to page 287 and read line 40: $p = mysqli_real_escape_string($dbc, trim($_POST['pass1'])); From here I have a question. We use the mysqli_real_escape_string function to secure SQL, so it means some characters might not be allowed to be entered for security reasons. But in a password form, the user can choose any character that they need (alphabet, number, symbol...) in order to make the password difficult to crack. If we use this function, what happens if a user needs to use a character that they need and it will impact SQL security? How many characters will not be allowed when using the mysqli_real_escape_string function? Thanks, Kanel