Best way to stop SQL Injection in PHP
- by Andrew G. Johnson
So specifically in a mysql database. Take the following code and tell me what to do.
// connect to the mysql database
$unsafe_variable = $_POST["user-input"];
mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')");
// disconnect from the mysql database