hakouka Posted January 3, 2017

Hello Larry! I am learning from your book 4. In the Ensuring Secure SQL chapter I wrote code like your example, but mysqli_real_escape_string is not working. I did everything like you. I connect to the database with require ('include/mysqli_connect.php'); // Connect to the and I input a name like kali' and I input one like fister"-* . But I find it in localhost with this name, and when I print it in view user I find it as I wrote it.

Larry Posted January 4, 2017

I'm not quite following here. What makes you say that mysqli_real_escape_string() is not working?

hakouka Posted January 5, 2017

Yes.

Larry Posted January 7, 2017

No, sorry, I did not ask a yes/no question. My question is: what evidence do you have that it's not working? For example, if it wasn't working, when you provided a value like '; drop tables, the resulting query would break.

hakouka Posted January 9, 2017

Thank you, Larry.

$fn = mysqli_real_escape_string($conn,trim($_POST['first_name']));

This is the code. When I input a last name like larry'] or larry", it is registered in the database with ' and ".

Larry Posted January 9, 2017

Yes, that is correct. That is what it should be doing. What it's not doing is breaking the query, which shows that mysqli_real_escape_string() is working.
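
The behaviour discussed in this thread, as an added example that is not part of the original posts or the book's code: escaping changes how the query is parsed, not what ends up stored. It uses Python's built-in sqlite3 so it runs without a MySQL server; `escape_literal` and `attempt` are hypothetical helpers, and `escape_literal` is only a stand-in for mysqli_real_escape_string() (SQLite doubles the quote, MySQL by default prefixes a backslash).

```python
import sqlite3

def escape_literal(value: str) -> str:
    """Stand-in for mysqli_real_escape_string(): escape ' for a '...' literal."""
    return value.replace("'", "''")

def attempt(first_name: str, mode: str) -> str:
    """Insert one name into a fresh table and return what was stored.

    mode: "raw"     - concatenate the input into the SQL unescaped
          "escaped" - escape first, then concatenate (the thread's approach)
          "bound"   - pass the value as a bound parameter instead
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (first_name TEXT)")
    fn = first_name.strip()
    try:
        if mode == "bound":
            conn.execute("INSERT INTO users (first_name) VALUES (?)", (fn,))
        else:
            if mode == "escaped":
                fn = escape_literal(fn)
            conn.execute(f"INSERT INTO users (first_name) VALUES ('{fn}')")
    except sqlite3.Error as exc:
        # The quote ended the string literal early and the SQL no longer parses.
        return f"query broke: {exc}"
    return conn.execute("SELECT first_name FROM users").fetchone()[0]

if __name__ == "__main__":
    # Constructed inputs, modelled on the names typed in the thread.
    for name in ["kali'", 'fister"-*']:
        for mode in ("raw", "escaped", "bound"):
            print(f"{name!r:14} {mode:8} -> {attempt(name, mode)!r}")
```

The stored value still contains the quote characters in the "escaped" and "bound" rows; only the "raw" row with a single quote fails to parse.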