mysql_real_escape_string problem
Posted: Thu Jun 24, 2010 5:28 am
Hello,
am having problem with my mysql_real_escape_string syntax which am using to prevent my database from injection.
i have my php file like this;
if thte message is
it will echo it properly
am having problem with my mysql_real_escape_string syntax which am using to prevent my database from injection.
i have my php file like this;
Code: Select all
<?php
$subject=mysql_real_escape_string($_POST[subject]);
$message=mysql_real_escape_string($_POST[message]);
echo = nl2br($message);
?>it will echo it out asThank
you
very
much
but if i change the syntax tothank/r/nyou/r/nvery/r/nmush
Code: Select all
<?php
$subject=addslashes($_POST[subject]);
$message=addslashes($_POST[message]);
echo = nl2br($message);
?>can adslashes() be used instead of mysql_real_escape_string() and my database will still be prevented from injection or is there other syntax that i can use?thany
you
very
mush