Monday, 6 August 2018

Single/double quotes cause an error in MySQL INSERT query!

Today I learned a valuable lesson: despite being a good MySQL/PHP programmer, I failed to follow the basics. My client kept complaining that an error popped up on my website whenever she submitted a form. I wasn't sure what it was, and my client was kind enough to email me.
The error was:
Insertion Failed:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s)
The error came from MySQL: the insertion failed because I hadn't escaped single and double quotes in the INSERT query.
I quickly used the mysql_real_escape_string() function to escape single and double quotes, and it solved all my problems. It is a magic function that will escape the special characters in a string, including single and double quotes.
If you are a programmer, you can use the above function to prevent MySQL injection attacks by filtering user input.
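mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7.0, so the same quote problem is handled today with a prepared statement. The following is an added example, not code from the original post: it shows the failing concatenated INSERT beside the parameterized one. The table, column names and form values are constructed, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Assumption: SQLite in-memory replaces MySQL here so the script runs offline.
// Against MySQL only the DSN changes: new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE feedback (id INTEGER PRIMARY KEY, name TEXT, message TEXT)');

// Constructed form input containing single and double quotes.
$name    = 'Anna';
$message = 'It\'s the client\'s "favourite" form';

// Before: user input is pasted into the SQL text. The first apostrophe closes
// the string literal early, so the database rejects the statement.
function insertConcatenated(PDO $pdo, string $name, string $message): string
{
    try {
        $pdo->exec("INSERT INTO feedback (name, message) VALUES ('$name', '$message')");
        return 'ok';
    } catch (PDOException $e) {
        return 'Insertion Failed: ' . $e->getMessage();
    }
}

// After: placeholders keep the input out of the SQL text, so quotes in the
// data can neither break the syntax nor be interpreted as SQL.
function insertPrepared(PDO $pdo, string $name, string $message): string
{
    $stmt = $pdo->prepare('INSERT INTO feedback (name, message) VALUES (:name, :message)');
    $stmt->execute([':name' => $name, ':message' => $message]);
    return 'ok';
}

echo insertConcatenated($pdo, $name, $message), PHP_EOL; // syntax error reported
echo insertPrepared($pdo, $name, $message), PHP_EOL;     // row inserted

// Read the row back: the stored text matches what the user typed, quotes included.
$stored = $pdo->query('SELECT message FROM feedback')->fetchColumn();
var_dump($stored === $message);
```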
