What mysql_real_escape_string does is take a string that is about to be placed inside a quoted value in a MySQL query and return the same string with the characters MySQL treats specially escaped with a backslash: NUL, newline, carriage return, backslash, single quote, double quote and Ctrl-Z. So a troublesome quote (') a user might enter becomes \' and can no longer terminate the string literal it sits in. It does not neutralise "all SQL injection attempts", though. The escaping only helps when the value is wrapped in quotes in the query: an unquoted numeric value such as 1 OR 1=1 contains nothing to escape and passes through untouched. It is also only correct when the connection character set has been set through the API (mysql_set_charset) rather than with a SET NAMES query, because the function escapes according to the charset it believes the connection uses. The mysql_* extension itself was deprecated in PHP 5.5 and removed in PHP 7.0; the durable fix is prepared statements with bound parameters (mysqli or PDO), which keep user data out of the SQL text entirely.
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
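To make the behaviour concrete, here is an added example (not code from the tutorial linked above, and not PHP's real function): a small Python model of the escaping rules mysql_real_escape_string applies, run against a constructed login query. It shows the quoted case where escaping works, and the unquoted numeric case where it does nothing. The connection-charset handling of the real function is deliberately left out of the model, and the table, column and payloads are made up for the demonstration.

```python
# Added example: a Python model of MySQL's real_escape_string behaviour.
# This is NOT PHP's mysql_real_escape_string; it reproduces only the
# documented single-byte escaping rules and ignores connection-charset
# handling (so the multibyte/GBK problem is out of scope here).

# The seven characters the real function escapes, and what each becomes.
_ESCAPES = {
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}


def mysql_escape(value: str) -> str:
    """Model of mysql_real_escape_string for an ASCII-compatible charset."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_query(username: str, escape: bool) -> str:
    """Constructed query: the value is placed INSIDE single quotes,
    which is the situation escaping is designed for."""
    if escape:
        username = mysql_escape(username)
    return f"SELECT id FROM users WHERE name = '{username}'"


def build_id_query(user_id: str, escape: bool) -> str:
    """Constructed query: the value is placed WITHOUT quotes.
    Escaping cannot help here because a numeric payload needs no quote."""
    if escape:
        user_id = mysql_escape(user_id)
    return f"SELECT name FROM users WHERE id = {user_id}"


def string_literals(sql: str) -> list:
    """Pull out the single-quoted literals of a query, honouring backslash
    escapes the way MySQL does in its default sql_mode. Used to check
    whether user input stayed inside one literal or broke out of it."""
    literals, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        i += 1  # skip opening quote
        buf = []
        while i < n and sql[i] != "'":
            if sql[i] == "\\" and i + 1 < n:
                buf.append(sql[i:i + 2])  # escaped char, keep both bytes
                i += 2
            else:
                buf.append(sql[i])
                i += 1
        literals.append("".join(buf))
        i += 1  # skip closing quote
    return literals


if __name__ == "__main__":
    # Constructed payloads, not taken from any real incident.
    quoted_payload = "' OR '1'='1"
    numeric_payload = "1 OR 1=1"

    for esc in (False, True):
        q = build_login_query(quoted_payload, esc)
        # Without escaping the payload splits the query into three literals;
        # with escaping everything stays inside a single literal.
        print(f"escape={esc}: {q}  -> {len(string_literals(q))} literal(s)")

    # Identical output with and without escaping: nothing to escape.
    print(build_id_query(numeric_payload, False))
    print(build_id_query(numeric_payload, True))
```

The literal count is the tell: the unescaped login query carries three string literals, meaning the attacker's text became SQL, while the escaped one carries exactly one. The id query is the case the tutorial's phrasing hides; the only robust treatment for it is to bind the value as a parameter (or cast it to an integer before use), not to escape it.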