sql injection
Posted: Sat Apr 24, 2010 12:45 pm
Hi
I usually use mysql_real_escape_string($_POST['field']) to avoid SQL injection.
But this time the form inputs contain single quotes, and when I use mysql_real_escape_string it adds a lot of \\\ to the input. It causes problems. In addition, I noticed $_POST adds a \ before single quotes, so maybe I don't need mysql_real_escape_string anymore?
Any idea?
Thanks in advance
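
Added example, not part of the original post: it reproduces the doubled backslashes and shows the value stored intact through a bound parameter. It assumes the backslash already present in $_POST comes from PHP's magic_quotes_gpc setting; raw_input_value(), the people table, the in-memory SQLite database and the sample value are all constructed for illustration.

```php
<?php
// Constructed sample: what the user typed into the form.
$typed = "O'Reilly";

// Assumption: magic_quotes_gpc is on, so PHP has already applied the
// equivalent of addslashes() before the value reaches $_POST.
$post = array('field' => addslashes($typed));

// Escaping the already-escaped value escapes the backslash as well,
// so a literal backslash ends up in the stored data. addslashes()
// stands in for mysql_real_escape_string() here, because the real
// function needs a live MySQL connection.
$double = addslashes($post['field']);

// Hypothetical helper: undo the automatic escaping exactly once.
// On PHP versions that still have the setting, pass the result of
// get_magic_quotes_gpc() as $magicQuotesOn.
function raw_input_value(array $src, $key, $magicQuotesOn)
{
    $value = isset($src[$key]) ? $src[$key] : '';
    return $magicQuotesOn ? stripslashes($value) : $value;
}

$clean = raw_input_value($post, 'field', true);

// Bound parameter: the value is sent separately from the SQL text,
// so quotes in it need no manual escaping at all.
// SQLite in memory is used only so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT)');
$stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
$stmt->execute(array(':name' => $clean));

$stored = $db->query('SELECT name FROM people')->fetchColumn();

echo "in \$_POST:      {$post['field']}\n";
echo "escaped twice:  {$double}\n";
echo "stored via PDO: {$stored}\n";
```

The automatic backslash is not a substitute for database-aware escaping or bound parameters: it ignores the connection character set and is absent wherever the setting is off.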