|
|
add addslashes before inserting user inputs in to database - PHP
|
Views : 428
|
|
Tagged in : PHP
|
|
|
Report This Scrap as Inappropriate
We request you to choose the appropriate categroy and subcategory that suits your
objectionable concern about the scrap, So that our team can review and find out whether it violates our Guidelines or the
scrap is not suitable for all viewers.
|
I would recommend addslashes() be used in every place where you get an input via get or post and add it in to database.
Everyone who have worked with inserting user input in to database would have faced the issue when users input has single quote ('), double quote ("), backslash (\) etc..
To resolve the issue just call the function addslases() on the variable.
Example Code:
<php
$value = $_GET['userinput'];
$result = addslashes($value);
?>
What it does:
Returns a string with backslashes before characters that need to be quoted in database queries
Example Code:
<php
$value = "it's test";
$result = addslashes($value);
print "before addslashes() -".$value;
print "after addslashes() -".$result;
?>
Output of the above code:
before addslashes() - it's test
after addslashes() - it\'s test
|
|
By rajesh, On - 2009-10-29 |
|
|
|
