Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
hakouka

Mysqli_Real_Escape_String Problem

Recommended Posts

hello larry !

 

i learn your book 4,

in ensuring Secure SQL chapter i write like your example but the mysqli_real_escape_string is not working i do everything like you connecto to database with require ('include/mysqli_connect.php'); // Connect to theand i input name like kali' and i input like fister"-* . but i find him in localhost like this name and i print him in view user i find him like i write .

 

Share this post


Link to post
Share on other sites

No, sorry, I did not ask a yes/no question. My question is: what evidence do you have that it's not working? For example, if it wasn't working, when you provided a value like 

'; drop tables

the resulting query would break.

Share this post


Link to post
Share on other sites

thank you larry 

 

$fn = mysqli_real_escape_string($conn,trim($_POST['first_name']));

 

this is the code , when i input last name like : larry']  or larry" , is register in database with ' and " .

Share this post


Link to post
Share on other sites

Yes, that is correct. That is what it should be doing. What it's not doing is breaking the query, which shows that mysqli_real_escape_string() is working.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...