Hi everyone!!
mysql_real_escape_string( ) is a function that is used to secure pages that involve database storage and retrieval later on. It is effective against attacks like SQL injections.
$name = mysql_real_escape_string($_POST['name']);
Here $_POST['name'] is the input from the form element.
It may be used in combination with other functions to reinforce the security, as follows:
$name=mysql_real_escape_string(stripslashes(trim($_POST["name"])));
It is used before executing an INSERT or UPDATE query in MySQL. Its main function is to escape the special characters that can alter a query during SQL injection and similar attacks. So to keep your website safe, it is a must-do step.
A point worth paying attention to is that inputs that genuinely require special characters must be handled carefully. Try to make inputs alphanumeric whenever possible.
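An added example (not part of the original post) showing the alphanumeric check suggested above together with a bound query parameter, which is a different technique from escaping. The mysql_* extension was removed in PHP 7.0, so this uses PDO; the in-memory SQLite database, the users table and the clean_name() helper are assumptions made so the script runs offline.

```php
<?php
// Added example: allowlist validation plus a bound parameter.
// Assumptions: PDO with the sqlite driver (in-memory) stands in for MySQL;
// the "users" table and clean_name() helper are hypothetical.

function clean_name(string $raw): ?string
{
    $name = trim($raw);
    // Allowlist: letters and digits only, 1 to 32 characters.
    // \z anchors at the true end of input, so a trailing newline is rejected.
    return preg_match('/\A[A-Za-z0-9]{1,32}\z/', $name) === 1 ? $name : null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// The value is sent separately from the SQL text, so it is never parsed as SQL.
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');

// Constructed sample inputs, as they might arrive in $_POST['name'].
$samples = ['  alice42 ', "bob' OR '1'='1", "O'Brien", ''];

foreach ($samples as $raw) {
    $name = clean_name($raw);
    if ($name === null) {
        // For the alphanumeric field, anything else is rejected outright.
        printf("rejected: %s\n", var_export($raw, true));
        continue;
    }
    $insert->execute([':name' => $name]);
    printf("stored:   %s\n", var_export($name, true));
}

// A field that legitimately needs special characters skips the allowlist
// and relies on the bound parameter alone.
$insert->execute([':name' => "O'Brien"]);

foreach ($db->query('SELECT id, name FROM users ORDER BY id') as $row) {
    printf("%d | %s\n", $row['id'], $row['name']);
}
```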