hi all,
i am actually working on a project. But the mysql_real_escape_string() is not working on my php5 codes. Can anyone suggest me an alternative to avoid sql injection, plz!
Thank you!
ajay.motah
0
Newbie Poster
Recommended Answers
Jump to PostPlease show us your code, becuase that function is supposed to work, no matter what! as with all functions, there must be something you are doing wrong.
All 3 Replies
Clanstrom
0
Light Poster
Please show us your code, becuase that function is supposed to work, no matter what! as with all functions, there must be something you are doing wrong.
ajay.motah
0
Newbie Poster
ok here is the code:
$txtAucName=mysql_real_escape_string($_POST['txtAuction']);
its taking in " '" etc like characters to the db
So can u please suggest a proper way to make sure data is stored correctly to the db and prevert other sql injections.
thank you
iamthwee
What does it echo out?
When you do an echo $txtAucName?
And what is your input?
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.