Daily Technology News, Tips, and Reviews | Subscribe to Jason Slater Technology BlogTechnology Feed | Join Jason Slater on TwitterTwitter | Thursday 2nd September 2010

PHP: Avoiding mySQL Injections

By Jason Slater
Wednesday, 30 April 2008
  • DiggThis
  • Share

Sample code to avoid SQL injections using mysql_real_escape_string (http://uk.php.net/mysql_real_escape_string) which converts special characters to escape sequences to ensure they are suitable for submission to SQL

$mySQL = "UPDATE address SET postcode='.mysql_real_escape_string($postcode).' WHERE id='.mysql_real_escape_string ($account).'";
$myResult = mysql_query($mySQL);

Related

One comment so far

Leave a comment!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.