how to protect update table set column $_POST data
Posted: Mon Jan 09, 2012 2:05 am
Hi, i have a question about mysql_real_escape
in a regular query i would use (for example)
but what am I to use in a situation like this?
Can I use m_r_e_s somehow there, or should I use something else, and what?
in a regular query i would use (for example)
Code: Select all
$query = "SELECT * FROM table WHERE id = '" . mysql_real_escape_string($id) . "' ";Code: Select all
mysql_query("UPDATE table SET column = '" . $_POST['article'] ."' ");