PHP and MySQL - correct way to use mysqli_real_escape_string
Posted by TaG on Stack Overflow
Published on 2010-04-01T17:03:37Z
Indexed on 2010/04/01 17:13 UTC
I was wondering if the code below is the correct way to use mysqli_real_escape_string() when storing users' data in a database.
Here is the PHP & MySQL code.
    if (mysqli_num_rows($dbc) == 0) {
        $mysqli = mysqli_connect("localhost", "root", "", "sitename");
        $dbc = mysqli_query($mysqli,"INSERT INTO info (user_id, url)
                                     VALUES ('$user_id', 'mysqli_real_escape_string($url)')");
    }
    if ($dbc == TRUE) {
        $dbc = mysqli_query($mysqli,"UPDATE info
                                     SET url = 'mysqli_real_escape_string($url)'
                                     WHERE user_id = '$user_id'");
    }
© Stack Overflow or respective owner
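
The insert-or-update from the question with the escaping applied correctly, as an added example that is not part of the original post. The function names save_url_escaped() and save_url_prepared() are hypothetical; the connection settings and the info(user_id, url) table are taken from the question, and a reachable MySQL server is assumed.

```php
<?php
// Added example: save_url_escaped() and save_url_prepared() are hypothetical names.
// Assumes the question's connection settings and a table info(user_id, url).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

$mysqli = mysqli_connect("localhost", "root", "", "sitename");
// Escaping depends on the connection character set, so set it first.
mysqli_set_charset($mysqli, "utf8mb4");

// PHP does not call functions inside a double-quoted string: the form
// 'mysqli_real_escape_string($url)' only interpolates $url, unescaped,
// and surrounds it with the literal text "mysqli_real_escape_string(...)".

// Variant 1: escape outside the string, passing the link as first argument.
function save_url_escaped(mysqli $mysqli, string $user_id, string $url): void
{
    $id  = mysqli_real_escape_string($mysqli, $user_id);
    $url = mysqli_real_escape_string($mysqli, $url);
    $res = mysqli_query($mysqli, "SELECT 1 FROM info WHERE user_id = '$id'");
    if (mysqli_num_rows($res) == 0) {
        mysqli_query($mysqli,
            "INSERT INTO info (user_id, url) VALUES ('$id', '$url')");
    } else {
        mysqli_query($mysqli,
            "UPDATE info SET url = '$url' WHERE user_id = '$id'");
    }
}

// Variant 2: prepared statements; values never become part of the SQL text.
function save_url_prepared(mysqli $mysqli, string $user_id, string $url): void
{
    $sel = mysqli_prepare($mysqli, "SELECT 1 FROM info WHERE user_id = ?");
    mysqli_stmt_bind_param($sel, "s", $user_id);
    mysqli_stmt_execute($sel);
    mysqli_stmt_store_result($sel);
    $exists = mysqli_stmt_num_rows($sel) > 0;
    mysqli_stmt_close($sel);
    $sql = $exists
        ? "UPDATE info SET url = ? WHERE user_id = ?"
        : "INSERT INTO info (url, user_id) VALUES (?, ?)";
    $stmt = mysqli_prepare($mysqli, $sql);
    mysqli_stmt_bind_param($stmt, "ss", $url, $user_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Constructed sample input containing a quote character.
save_url_prepared($mysqli, "42", "http://example.com/?q=o'reilly");
```

Both variants store the URL unchanged, quote included. The prepared-statement variant needs no escaping call at all, which removes the chance of forgetting one.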