PHP and MySQL - correct way to use mysqli_real_escape_string

Posted by TaG on Stack Overflow See other posts from Stack Overflow or by TaG
Published on 2010-04-01T17:03:37Z Indexed on 2010/04/01 17:13 UTC
Read the original article Hit count: 138

Filed under:
|

I was wondering if the code below is the correct way to use mysqli_real_escape_string() when storing users data in a database.

Here is the PHP & MySQL code.

if (mysqli_num_rows($dbc) == 0) {
        $mysqli = mysqli_connect("localhost", "root", "", "sitename");
        $dbc = mysqli_query($mysqli,"INSERT INTO info (user_id, url) 
                                     VALUES ('$user_id', 'mysqli_real_escape_string($url)')");
}


if ($dbc == TRUE) {
        $dbc = mysqli_query($mysqli,"UPDATE info 
                                     SET url = 'mysqli_real_escape_string($url)' 
                                     WHERE user_id = '$user_id'");

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql