MySQL query based on user input

MySQL query based on user input

- March 16, 2016

To save from SQL injection attack, use:

1. $search_query = mysql_real_escape_string($_POST['blahblah']);

$query  = "SELECT name, age FROM people WHERE uid = '".$search_query."' LIMIT 0 , 1";

2. $search_query = mysqli_real_escape_string($_POST['code']);
 $sql = "select * from user where code='$search_query'";

Comments