Hello Thone
You can use mysql_real_escape_string() or mysql_real_escape_string()
for versions prior to 4.3.0, to assist with quoting MySQL queries.
If you use another DB, look at the manual for the relevant escape
function.
I use this function after just before I insert variables into a SQL str
I'm curious about how to protect a SQL query. For example, if I get some
variables from the user using the GET or POST method. Then, I have to use them in
a SQL query sentence. How can I make sure that users don't do trick by
inserting some SQL command into the variable resulting in miss SQL
command? Is th