Dear Larry,
I am the customer who purchase your book PHP and MySql for Dynamic Website 4th edition. Now I read chapter 9 and reach the section of Ensure Secure SQL.
I found that we will use function mysqli_real_escape_string for a security reason. If you have a book in your hand please open to page 287 and read the line 40.
$p = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
From here I have a question. We use the mysqli_real_escape_string function to secure sql, so it mean some character might now allow to enter because of security reason. But in form password, user can choose any character that they need (alphabet, number, symbol...) in order to make password difficult to crack. If we use this function, what happend if user need ot use the character that they need and will impact to sql security? How many character will not be allow to use when using mysqli_real_escape_string function?
Thank,
Kanel