PHP: Avoiding mySQL Injections

Daily Technology Tips, Software, Downloads, Industry News | Technology Feed | Twitter | Wednesday 17th March 2010

By Jason Slater
Wednesday, 30 April 2008

Sample code to avoid SQL injections using mysql_real_escape_string (http://uk.php.net/mysql_real_escape_string) which converts special characters to escape sequences to ensure they are suitable for submission to SQL

$mySQL = "UPDATE address SET postcode='.mysql_real_escape_string($postcode).' WHERE id='.mysql_real_escape_string ($account).'"; $myResult = mysql_query($mySQL);

One Comment »

PHP: Removing HTML Tags from Strings | SL8R.co.uk - Code Zone says:

Tuesday, 28 October 2008 at

[...] would also be useful to use the mysql_real_escape_string in this instance to avoid SQL Injections. addthis_url = [...]

About This Technology Blog

jasonmono Jason Slater is an independent technologist and blogger.

Here you will find technology discussion, industry news, useful software and hints and tips to help get the best out of technology. To learn more about the site visit the about page.

Get In Touch

Get in touch with me, about this site, or to let people know about your software, hardware, or services. Write to hello@jasonslater.co.uk, or send me a tweet.

Say thanks

If you found something useful on this site and want to say thanks - please consider donating to the tipjar to help with the running costs of this site.