hi all,
i am actually working on a project. But the mysql_real_escape_string() is not working on my php5 codes. Can anyone suggest me an alternative to avoid sql injection, plz!

Thank you!

Please show us your code, becuase that function is supposed to work, no matter what! as with all functions, there must be something you are doing wrong.

ok here is the code:

$txtAucName=mysql_real_escape_string($_POST['txtAuction']);

its taking in " '" etc like characters to the db
So can u please suggest a proper way to make sure data is stored correctly to the db and prevert other sql injections.

thank you

What does it echo out?

When you do an echo $txtAucName?

And what is your input?