mysql-real-escape-string Questions
9
I'm trying to protect myself from sql injection and am using:
mysql_real_escape_string($string);
When posting HTML it looks something like this:
<span class="\&quot;className\&quot;"...
Corpuz asked 4/4, 2010 at 2:17
2
Solved
I would like to insert the content of an excel file into my database.
I simply use a raw query to achieve this.
The controller function
public function uploadExcel()
{
$filename = Input::file('im...
Skewness asked 31/8, 2016 at 22:38
9
Solved
I'm using mysql_real_escape_string to escape a string before inserting it into my mysql database.
Everything's working fine, except that the character ’ is getting missed and turned into ’ ...
Lenticel asked 19/1, 2011 at 19:29
5
Solved
I am using a jQuery AJAX request to a page called like.php that connects to my database and inserts a row. This is the like.php code:
<?php
// Some config stuff
define(DB_HOST, 'localhost');
d...
Mccrea asked 9/6, 2010 at 10:58
4
Solved
I am developing a web application using zend framework. For select statements I have used following way.
Ex:
public function getData($name)
{
$sql = "SELECT * from customer where Customer_Name =...
Auguste asked 31/12, 2011 at 2:17
5
Solved
Could someone tell me if there is a function which works the same as PHP's mysql_real_escape_string() for Perl from the DBI module?
Laurice asked 5/2, 2010 at 13:59
6
Solved
I'm trying to work a bit of security and sanitization into my databases application (for a class). To start off with, I'm trying to use mysql_real_escape_string, but whenever I use it, it always re...
Lampyrid asked 26/4, 2012 at 18:35
6
Solved
So in this program I'm writing, I actually grab a SQL query from the user using a form. I then go on to run that query on my database.
I know not to "trust" user input, so I want to do sanitizatio...
Hanway asked 17/4, 2011 at 4:30
2
Assuming I have my database set up as follows to use utf-8 (the full 4mb version in mysql)
mysql_query("SET CHARACTER SET utf8mb4");
mysql_query("SET NAMES utf8mb4");
I am using mysql_real_escap...
Teth asked 13/1, 2014 at 12:40
4
Solved
Okay, I still don't really get it. I keep reading that in order to properly escape your MySQL queries, you need to use mysqli_prepare() and mysqli_bind_param().
I tried using this setup and,...
Prophylactic asked 5/9, 2013 at 23:21
4
Solved
I know that mysql_escape_string is deprecated from 5.3 but what was the actual difference in mysql_real_escape_string.
What I thought was that mysql_real_escape_string is the exact same as mysql_es...
Cherycherye asked 8/9, 2010 at 7:42
3
Solved
Should I use mysqli_real_escape_string or should I use prepared statements?
I've seen a tutorial now explaining prepared statements but I've seen them do the same thing as mysqli_real_escape...
Tang asked 3/4, 2013 at 11:36
3
Solved
I'm having issues escaping/stripping strings with PHP/MySQL - there always seems to be redundant slashes.
Let's take the following string as an example:
<span style="text-decoration:underlin...
Statolith asked 5/10, 2009 at 20:48
9
I just moved to a new hosting company and now whenever a string gets escaped using:
mysql_real_escape_string($str);
the slashes remain in the database. This is the first time I've ever seen this h...
Mammoth asked 6/10, 2008 at 4:33
6
Possible Duplicate:
mysql_escape_string VS mysql_real_escape_string
I need to get company_name (given by user through a form) entered into my mysql database.
When I use
$company = m...
Nonce asked 3/1, 2013 at 9:16
2
Solved
I have seen a few people on here state that concatenating queries using mysql_real_escape_string will not protect you (entirely) from SQL injection attacks.
However, I am yet to see an example of...
Lutero asked 3/10, 2012 at 7:2
3
Solved
In Ruby, ActiveRecord doesn't provide dynamic binding for update and insert SQL. Of course I can use raw SQL, but that needs me to maintain a connection, so I want to know if there is a simpler way to escape ...
Whicker asked 24/12, 2010 at 9:57
2
Solved
I do understand that prepared statements are the ultimate way to seek protection against SQL injection. However, they provide coverage in a limited fashion; for example, in cases where I let...
Chabot asked 12/7, 2012 at 15:5
6
Solved
I've been told that I'd be better using PDO for MySQL escaping, rather than mysql_real_escape_string.
Maybe I'm having a brain-dead day (or it may be the fact I'm by no stretch of the imagination ...
Gulp asked 16/11, 2009 at 13:1
1
Solved
I am very used to using MySQL and mysql_real_escape_string(), but I have been given a new PHP project that uses ODBC.
What is the correct way to escape user input in a SQL string?
Is addslashes()...
Infra asked 19/4, 2011 at 8:50
3
Solved
According to php.net I should use mysql_real_escape_string() and turn off magic quotes, because it's deprecated.
So I turned it off and I used mysql_real_escape_string(), but is it enough to use i...
Zarla asked 1/2, 2011 at 13:37
3
I am trying to input data using forms into the MySQL, and also using mysql_real_escape_string for this purpose. Unfortunately I am having a problem with the output. It displays \s, or if I use stri...
Strata asked 17/1, 2011 at 5:55
2
Solved
I read this tutorial about storing images in DB. In the tutorial, the author escapes special characters in the binary data before inserting: http://www.phpriot.com/articles/images-in-mysql/7 ( usin...
Guarneri asked 31/12, 2010 at 11:16
4
Solved
Possible Duplicate:
mysql_real_escape_string VS addslashes
If they don't do exactly the same, what's the difference? The delimiter for values inside a MySQL query is the ' isn't it? O...
Jubilant asked 20/12, 2010 at 0:36
3
Solved
I have the following code:
function dbPublish($status)
{
global $dbcon, $dbtable;
if(isset($_GET['itemId']))
{
$sqlQuery = 'UPDATE ' . $dbtable . ' SET active = ? WHERE id = ?';
$stmt = $dbc...
Outworn asked 17/2, 2010 at 20:54