hakouka, posted January 3, 2017:
Hello Larry! I am learning from your book 4. In the Ensuring Secure SQL chapter I wrote code like your example, but mysqli_real_escape_string is not working. I do everything like you. I connect to the database with require ('include/mysqli_connect.php'); // Connect to the and I input a name like kali' and I input one like fister"-* . But I find it in localhost as this name, and when I print it in view user I find it as I wrote it.
Larry, posted January 4, 2017:
I'm not quite following here. What makes you say that mysqli_real_escape_string() is not working?
hakouka, posted January 5, 2017:
Yes.
Larry, posted January 7, 2017:
No, sorry, I did not ask a yes/no question. My question is: what evidence do you have that it's not working? For example, if it wasn't working, when you provided a value like '; drop tables the resulting query would break.
hakouka, posted January 9, 2017:
Thank you Larry.
$fn = mysqli_real_escape_string($conn,trim($_POST['first_name']));
This is the code. When I input a last name like larry'] or larry", it is registered in the database with ' and ".
Larry, posted January 9, 2017:
Yes, that is correct. That is what it should be doing. What it's not doing is breaking the query, which shows that mysqli_real_escape_string() is working.
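The point of the last reply, as an added example that is not part of the original thread: escaping changes how the query text is written, not the value that ends up stored. It assumes an in-memory SQLite database reached through PDO in place of the thread's MySQL connection, with PDO::quote() standing in for mysqli_real_escape_string(); the users table, the try_insert() helper and the sample inputs are constructed for illustration.

```php
<?php
// Added example. SQLite (in memory, via PDO) replaces the MySQL connection
// so the script runs without a server. SQLite escapes a quote by doubling it
// where MySQL uses a backslash; the effect on the stored value is the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (first_name TEXT)');

// Hypothetical helper: runs one INSERT on an empty table and reports
// either that the query broke or exactly what value was stored.
function try_insert(PDO $pdo, string $sql): string
{
    $pdo->exec('DELETE FROM users');
    try {
        $pdo->exec($sql);
    } catch (PDOException $e) {
        return 'query broke';
    }
    $stored = $pdo->query('SELECT first_name FROM users')->fetchColumn();
    return 'stored [' . $stored . ']';
}

// Constructed inputs, modelled on the values mentioned in the thread.
$inputs = ["kali'", 'larry"', "'; drop tables"];

foreach ($inputs as $raw) {
    $name = trim($raw);

    // No escaping: a single quote in the value ends the SQL string early.
    $unsafe = "INSERT INTO users (first_name) VALUES ('$name')";

    // Escaped: PDO::quote() returns the value wrapped in quotes, with any
    // embedded quote escaped for the SQL parser only.
    $safe = 'INSERT INTO users (first_name) VALUES (' . $pdo->quote($name) . ')';

    printf("input     [%s]\n", $name);
    printf("unescaped %s\n", try_insert($pdo, $unsafe));
    printf("escaped   %s\n\n", try_insert($pdo, $safe));
}
```

In every escaped run the stored value matches the input character for character, quotes included; only the unescaped runs with a single quote in the value fail.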