...

View Full Version : Making an input string for a SELECT query safe?



mOrloff
03-15-2009, 12:26 AM
I know there are a couple methods for this, but my brain is on vacation today (I can't remember anything for the life of me).

I am collecting a string from a form.input to use in a SELECT statement, but don't want to just plug whatever the user enters into the query (because it's dangerous).

SOMEBODY, please throw me a rope! :)

Even if I just get a key-work, I can look it up myself. I'm just hitting brick walls right now.

~ Mo

PappaJohn
03-15-2009, 01:31 AM
Assuming you're using mysql: mysql_real_escape_string();

If you're using the mysqli extension: mysqli_real_escape_string();

mOrloff
03-15-2009, 01:46 AM
THAT'S IT!

I was trying and trying to remember, but the only term coming to mind was encoding, but this is what I was looking for.

Thanks.

sea4me
03-15-2009, 02:02 AM
lol :D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum