Quote:
Originally Posted by ziycon
Not that I'm aware of, what exactly does it do, tried to make sense of it but couldn't!?
It escapes nasty characters in your SQL statements. It's essential to stop MySQL injection attacks.
Your insert code should look like this:
PHP Code:
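// Raw, untrusted value from the submitted form
$content = $_POST['content'];
// Escape quotes and other special characters before the value goes into the SQL string
$dbcontent = mysql_escape_string($content);
$sql = "insert into some_table(msContent) values ('" . $dbcontent . "')";
// Run the insert on the open connection; stop if it fails
$result = mysql_query($sql, $conn) or die("Fail");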
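
Added example, not part of the original post: the same insert into some_table done with plain concatenation, with escaping, and with a bound parameter, so the effect of a quote character in the input is visible. It uses PDO because the mysql_* functions were removed in PHP 7.0. Assumptions: the pdo_sqlite extension is available, an in-memory SQLite database stands in for the MySQL connection `$conn`, and the input string is constructed sample data.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL server so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE some_table (msContent TEXT)');

// Constructed sample input; in the post this value comes from $_POST['content'].
$content = "It's a 'quoted' comment";

// 1. Plain concatenation: the quotes in the data end the SQL string early,
//    so the data is parsed as SQL and the statement is rejected.
try {
    $db->exec("INSERT INTO some_table (msContent) VALUES ('" . $content . "')");
    $unescaped = 'stored';
} catch (PDOException $e) {
    $unescaped = 'rejected: ' . $e->getMessage();
}

// 2. Escaping, the approach in the post: quote() escapes the value for this
//    driver and wraps it in quotes before it is placed in the SQL text.
$db->exec('INSERT INTO some_table (msContent) VALUES (' . $db->quote($content) . ')');

// 3. Bound parameter: the value is sent separately from the SQL text,
//    so no escaping step can be forgotten.
$stmt = $db->prepare('INSERT INTO some_table (msContent) VALUES (:content)');
$stmt->execute([':content' => $content]);

// Both successful inserts should hold the input exactly as submitted.
$rows = $db->query('SELECT msContent FROM some_table')->fetchAll(PDO::FETCH_COLUMN);

echo "concatenated insert: $unescaped\n";
foreach ($rows as $row) {
    echo 'stored row: ', $row, "\n";
}
```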