Announcements | Last Post | |
---|---|---|
SoC Curricula | 09/30/2017 01:08PM | |
Demarcation or scoping of examinations and assessment | 02/13/2017 07:59AM | |
School of Computing Short Learning Programmes | 11/24/2014 08:37AM | |
Unisa contact information | 07/28/2011 01:28PM |
Portfolio and mysqli_real_escape_string May 20, 2013 10:37AM |
Registered: 11 years ago Posts: 38 Rating: 0 |
for SQL statements? I just thought I should look into this for increased security, but whenever I try to use it as I understand it to be used from the php manual no data gets inserted in the database.Language: PHPmysqli_real_escape_string
But if I change it to this it no longer works, am I missing something?Language: PHP$sql = "INSERT INTO course VALUES (LAST_INSERT_ID(), ';$cname';)"; $result = mysqli_query ($link, $sql);
Thanks!Language: PHP$sql = "INSERT INTO course VALUES (LAST_INSERT_ID(), ';$cname';)"; $sql = mysqli_real_escape_string($link, $sql); $result = mysqli_query ($link, $sql);
Re: Portfolio and mysqli_real_escape_string May 20, 2013 04:04PM |
Admin Registered: 18 years ago Posts: 10,001 Rating: 353 |
Re: Portfolio and mysqli_real_escape_string May 20, 2013 04:31PM |
Registered: 11 years ago Posts: 163 Rating: 0 |
Language: PHP$first_name = mysql_real_escape_string($_POST[';fname';]); similar to $first_name = htmlspecialchars($_POST[';fname';]); $first_name = htmlentities($_POST[';fname';]);
Re: Portfolio and mysqli_real_escape_string May 21, 2013 03:09AM |
Registered: 11 years ago Posts: 38 Rating: 0 |
worked. So I understand thatLanguage: PHPmysqli_real_escape_string
Language: PHPhtmspecialchars and mysqli_real_escape_string
Re: Portfolio and mysqli_real_escape_string May 22, 2013 07:59AM |
Admin Registered: 18 years ago Posts: 10,001 Rating: 353 |
Language: PHPstring mysqli_real_escape_string ( mysqli $link , string $escapestr ) // you used the sql query as the $escapestr - it should be the $var you want to insert
Re: Portfolio and mysqli_real_escape_string May 22, 2013 08:10AM |
Registered: 11 years ago Posts: 163 Rating: 0 |
Language: PHP$link = mysqli_connect("localhost", "my_user", "my_password", "registration");
Re: Portfolio and mysqli_real_escape_string May 22, 2013 09:25AM |
Registered: 11 years ago Posts: 38 Rating: 0 |
Re: Portfolio and mysqli_real_escape_string May 22, 2013 09:35AM |
Registered: 11 years ago Posts: 25 Rating: 0 |
Re: Portfolio and mysqli_real_escape_string May 22, 2013 10:07AM |
Registered: 11 years ago Posts: 163 Rating: 0 |
Language: PHP$page = parse_url($_SERVER[';HTTP_REFERER';],PHP_URL_PATH); $page = basename($page); .... if ($page == ';student_info.php';) { echo "<a href=\"list.php\"><b>redirect to list.php</b></a></p>"; }else{ echo "<a href=\"student_man.php\"><b>redirect to student man</b></a></p>"; }
Re: Portfolio and mysqli_real_escape_string May 22, 2013 11:53AM |
Registered: 11 years ago Posts: 25 Rating: 0 |