View Full Version : Making an input string for a SELECT query safe?

03-14-2009, 11:26 PM
I know there are a couple methods for this, but my brain is on vacation today (I can't remember anything for the life of me).

I am collecting a string from a form.input to use in a SELECT statement, but don't want to just plug whatever the user enters into the query (because it's dangerous).

SOMEBODY, please throw me a rope! :)

Even if I just get a key-work, I can look it up myself. I'm just hitting brick walls right now.

~ Mo

03-15-2009, 12:31 AM
Assuming you're using mysql: mysql_real_escape_string();

If you're using the mysqli extension: mysqli_real_escape_string();

03-15-2009, 12:46 AM

I was trying and trying to remember, but the only term coming to mind was encoding, but this is what I was looking for.


03-15-2009, 01:02 AM
lol :D

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum