Mysqli_Real_Escape_String Problem

[hakouka]

hello larry !

 

i learn your book 4,

in ensuring Secure SQL chapter i write like your example but the mysqli_real_escape_string is not working i do everything like you connecto to database with require ('include/mysqli_connect.php'); // Connect to theand i input name like kali' and i input like fister"-* . but i find him in localhost like this name and i print him in view user i find him like i write .

 

[Larry]

I'm not quite following here. What makes you say that mysqli_real_escape_string() is not working?

[hakouka]

YES .

[Larry]

No, sorry, I did not ask a yes/no question. My question is: what evidence do you have that it's not working? For example, if it wasn't working, when you provided a value like 

'; drop tables

the resulting query would break.

[hakouka]

thank you larry 

 

$fn = mysqli_real_escape_string($conn,trim($_POST['first_name']));

 

this is the code , when i input last name like : larry']  or larry" , is register in database with ' and " .

[Larry]

Yes, that is correct. That is what it should be doing. What it's not doing is breaking the query, which shows that mysqli_real_escape_string() is working.