hakouka 0 Report post Posted January 3, 2017 hello larry ! i learn your book 4, in ensuring Secure SQL chapter i write like your example but the mysqli_real_escape_string is not working i do everything like you connecto to database with require ('include/mysqli_connect.php'); // Connect to theand i input name like kali' and i input like fister"-* . but i find him in localhost like this name and i print him in view user i find him like i write . Quote Share this post Link to post Share on other sites
Larry 426 Report post Posted January 4, 2017 I'm not quite following here. What makes you say that mysqli_real_escape_string() is not working? Quote Share this post Link to post Share on other sites
hakouka 0 Report post Posted January 5, 2017 YES . Quote Share this post Link to post Share on other sites
Larry 426 Report post Posted January 7, 2017 No, sorry, I did not ask a yes/no question. My question is: what evidence do you have that it's not working? For example, if it wasn't working, when you provided a value like '; drop tables the resulting query would break. Quote Share this post Link to post Share on other sites
hakouka 0 Report post Posted January 9, 2017 thank you larry $fn = mysqli_real_escape_string($conn,trim($_POST['first_name'])); this is the code , when i input last name like : larry'] or larry" , is register in database with ' and " . Quote Share this post Link to post Share on other sites
Larry 426 Report post Posted January 9, 2017 Yes, that is correct. That is what it should be doing. What it's not doing is breaking the query, which shows that mysqli_real_escape_string() is working. Quote Share this post Link to post Share on other sites
