The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement
The following characters are affected
Syntax : mysql_real_escape_string(string,connection)
string : Required. Specifies the string to be escaped
connection : Optional. Specifies the MySQL connection. If not specified, the last connection opened by mysql_connect() or mysql_pconnect() is used.
Example :
<?php
// Connect$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password') OR die(mysql_error());
// Query$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
// Query$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
?>
mysql_real_escape_string($password));
?>
No comments:
Post a Comment