UnitedForums.co.uk - View Single Post

MrBen · 7th July 2008, 12:41 PM

Check out mysql_real_escape_string which can be used to escape input so it can be safely inserted into the database.

Or move to using the new mysqli library in PHP5 for connecting to MySQL. You can then use mysqli_prepare and mysqli_stmt_bind_param. You don't need to bother escaping the input then as it is handled for you.

Ben

7th July 2008, 12:41 PM	#3 (permalink)
MrBen Munky! Join Date: Sep 2003 Location: nr Woking, England Posts: 2,598	Check out mysql_real_escape_string which can be used to escape input so it can be safely inserted into the database. Or move to using the new mysqli library in PHP5 for connecting to MySQL. You can then use mysqli_prepare and mysqli_stmt_bind_param. You don't need to bother escaping the input then as it is handled for you. Ben __________________ Veterinary Practice Management System by SoftFooding Internet Data Usage Calculator: Estimate your monthly bandwidth usage for your Internet connection.