Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder mOrloff's Avatar
    Join Date
    Nov 2008
    Location
    The Great Pacific NW, USA
    Posts
    422
    Thanks
    8
    Thanked 6 Times in 6 Posts

    Making an input string for a SELECT query safe?

    I know there are a couple methods for this, but my brain is on vacation today (I can't remember anything for the life of me).

    I am collecting a string from a form.input to use in a SELECT statement, but don't want to just plug whatever the user enters into the query (because it's dangerous).

    SOMEBODY, please throw me a rope!

    Even if I just get a key-work, I can look it up myself. I'm just hitting brick walls right now.

    ~ Mo
    Last edited by mOrloff; 03-14-2009 at 11:51 PM. Reason: fixed subject to make more sense.

  • #2
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    Assuming you're using mysql: mysql_real_escape_string();

    If you're using the mysqli extension: mysqli_real_escape_string();
    John

  • #3
    Regular Coder mOrloff's Avatar
    Join Date
    Nov 2008
    Location
    The Great Pacific NW, USA
    Posts
    422
    Thanks
    8
    Thanked 6 Times in 6 Posts
    THAT'S IT!

    I was trying and trying to remember, but the only term coming to mind was encoding, but this is what I was looking for.

    Thanks.

  • #4
    Regular Coder sea4me's Avatar
    Join Date
    Jan 2009
    Location
    Damn, I don't know...
    Posts
    390
    Thanks
    11
    Thanked 28 Times in 27 Posts
    lol


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •