Prevent database attacks using this function in CodeIgniter

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
This function must always be used to make data safe before sending a query to MySQL.
A MySQL connection is required before using mysql_real_escape_string(); otherwise an error of level E_WARNING is generated and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.
Using mysql_real_escape_string() in PHP, we can prevent database attacks. A small example is shown below.

What could happen if we do not use the mysql_real_escape_string() function on the username and password:

This means that anyone could log in without a valid password!
To prevent these attacks, use the mysql_real_escape_string() function.
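The unescaped and escaped login query side by side, as an added example that is not from the original post. Because the mysql_* extension was removed in PHP 7.0, it uses a hypothetical stand-in, `demo_escape()`, that maps the same seven characters, and a hypothetical checker, `string_literals()`, that reports whether MySQL would still read each input as one string literal; the `users` table, its columns and the inputs are constructed.

```php
<?php
// Stand-in for mysql_real_escape_string() (hypothetical helper) so the demo
// runs without a server: same seven characters, MySQL's escape sequences.
function demo_escape(string $s): string {
    return strtr($s, ["\\" => "\\\\", "\x00" => "\\0", "\n" => "\\n",
        "\r" => "\\r", "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z"]);
}

// Builds the login query by concatenation (assumed table and column names).
function build_login_query(string $user, string $pass, bool $escape): string {
    if ($escape) {
        $user = demo_escape($user);
        $pass = demo_escape($pass);
    }
    return "SELECT * FROM users WHERE user='$user' AND password='$pass'";
}

// Decodes the single-quoted literals MySQL would read from $sql; handles
// the sequences demo_escape() emits plus doubled quotes inside a literal.
function string_literals(string $sql): array {
    $map = ['0' => "\x00", 'n' => "\n", 'r' => "\r", 'Z' => "\x1a"];
    $out = [];
    $cur = null; // null means "outside a literal"
    for ($i = 0, $n = strlen($sql); $i < $n; $i++) {
        $c = $sql[$i];
        if ($cur === null) {
            if ($c === "'") { $cur = ''; }          // literal opens
        } elseif ($c === '\\' && $i + 1 < $n) {
            $next = $sql[++$i];                     // backslash escape
            $cur .= $map[$next] ?? $next;
        } elseif ($c === "'" && ($sql[$i + 1] ?? '') === "'") {
            $cur .= "'"; $i++;                      // '' is a quoted quote
        } elseif ($c === "'") {
            $out[] = $cur; $cur = null;             // literal closes
        } else {
            $cur .= $c;
        }
    }
    return $out;
}

// Constructed inputs: a normal user name and a password containing quotes.
$user = 'aidan';
$pass = "' OR ''='";
foreach ([false, true] as $escape) {
    $sql = build_login_query($user, $pass, $escape);
    $isData = string_literals($sql) === [$user, $pass];
    printf("%s\n  escaped=%s, input stayed data=%s\n", $sql, var_export($escape, true), var_export($isData, true));
}
```

In current PHP the same goal is normally met with mysqli or PDO prepared statements, or with CodeIgniter's query bindings, rather than by escaping by hand.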
Advantages:
• mysql_real_escape_string() is necessary to control what the users are storing in the database and to prevent SQL injection.
• mysql_real_escape_string() ensures that whatever the user enters is processed before it is stored in the database and that characters with special meaning to the SQL engine are properly escaped.

Saritha Reddy
