
About escape_sql


Question

1 answer to this question


'escape_sql()' is used on string variables, like '@password$', that you want to use within the 'query_sql()' command.

Whenever you let the user provide information that will be used in the database, you should escape it.

What it does: It makes sure the input is safe from injections; more info on Wikipedia.

Example:

The user inputs: Injecting code "+DELETE...+"
escape_sql("Injecting code \"+DELETE...+\"");
And it will become: Injecting code "+DELETE...+"

And if you have a bug, you should provide more information regarding the bug.

  • Upvote 1
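
An added example, not part of the original post or the emulator's own code: a Python model of the escaping step, assuming escape_sql() applies MySQL-style backslash escaping. The escape rules, the `accounts` table and the sample inputs are constructed for illustration; it reports which inputs stay inside the quoted literal with and without escaping.

```python
# Assumed model of escape_sql(): MySQL-style backslash escaping.
# These rules are an assumption for illustration, not taken from the post.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
           "\\": "\\\\", "'": "\\'", '"': '\\"'}

def escape_sql(value):
    """Backslash-escape characters that could end or alter a string literal."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_query(name, escape=True):
    """Concatenate input into a query, as a script does before query_sql()."""
    if escape:
        name = escape_sql(name)
    # Hypothetical table and column names.
    return "SELECT `id` FROM `accounts` WHERE `name` = '" + name + "'"

def literal_spans(query):
    """Return the body of each single-quoted literal, honouring backslashes.
    Simplified scanner: raises ValueError if a literal is left open."""
    spans, current, i = [], None, 0
    while i < len(query):
        ch = query[i]
        if current is None:
            if ch == "'":
                current = []          # opening quote
        elif ch == "\\" and i + 1 < len(query):
            current.append(query[i:i + 2])  # escaped pair stays in the literal
            i += 1
        elif ch == "'":
            spans.append("".join(current))  # closing quote
            current = None
        else:
            current.append(ch)
        i += 1
    if current is not None:
        raise ValueError("unterminated string literal")
    return spans

def stays_in_one_literal(name, escape=True):
    """True when the whole input lands inside exactly one string literal."""
    try:
        return len(literal_spans(build_query(name, escape))) == 1
    except ValueError:
        return False

# Constructed sample inputs; the third is the string used in the post.
SAMPLES = ["Alice", "O'Brien", 'Injecting code "+DELETE...+"', "trailing\\"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), stays_in_one_literal(s, False), stays_in_one_literal(s))
```

Inputs containing a single quote or a trailing backslash break the literal when concatenated raw and stay inside it once escaped.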
