Hi,

Me again...

Just wanted to know, i have this piece of code to enter the data from a registration form of mine into the user db.

I want to use the mysql_real_escape_string to help stop those evil people who enjoys hacking from hacking my DB

$query = "INSERT INTO userinformation (username, first_name, last_name, email, password, date_time) VALUES ('$username', '$first_name', '$last_name', '$email', '$password', '$date_time')";

could someone tell me where i need to put the mysql_real_escape_string function to stop it happening, i am not sure where i place it by or how i code it,

thank you,
genieuk

Edited 3 Years Ago by pritaeas: Added markdown.

$username=mysql_real_escape_string($username);

write before the query

Hi,

Me again...

Just wanted to know, i have this piece of code to enter the data from a registration form of mine into the user db.

I want to use the mysql_real_escape_string to help stop those evil people who enjoys hacking from hacking my DB

$query = "INSERT INTO userinformation (username, first_name, last_name, email, password, date_time) VALUES ('$username', '$first_name', '$last_name', '$email', '$password', '$date_time')";

could someone tell me where i need to put the mysql_real_escape_string function to stop it happening, i am not sure where i place it by or how i code it,

thank you,
genieuk

hi im new to preventing sql injection please could some tell me where i need to put this in the query??

$sql = "INSERT INTO voucher(Name, Email, FavouriteArtist, Gallery, VoucherValue, NewCustomer, Added_Time) 
                    VALUES ('{$name}','{$email}','{$featured_artist}','{$nearest_gallery}','50', 'NO', '".time()."')";
This question has already been answered. Start a new discussion instead.