Hi,
if user pass in a single quotation value into my webpage, it will have error, how do I resolve that?
I'm new to php and heard this issue is also relate to security issue (SQL Injection).
Please advise :)
Printable View
Hi,
if user pass in a single quotation value into my webpage, it will have error, how do I resolve that?
I'm new to php and heard this issue is also relate to security issue (SQL Injection).
Please advise :)
Pass the user's data through the mysql_real_escape_string function.
Just to butt in... SQL injection is one of a few methods of exploiting a weak website, so it is very important that you follow manavos advice.
I have been starting to research SQL injections recently, the best way to prevent them, is to learn how they work, this article provides a cool insight into how SQL injection works, and methods of preventing it in numerous languages.
http://unixwiz.net/techtips/sql-injection.html
Better use mysqli prepared statements