Sunday, December 17, 2017

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
This function must always be used to make data safe before sending a query to MySQL.
A MySQL connection is required before using mysql_real_escape_string(); otherwise an error of level E_WARNING is generated and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.
Using mysql_real_escape_string() in PHP, we can prevent database attacks. A small example is shown below:

What could happen if we do not use the mysql_real_escape_string() function on the username and password:

This means that anyone could log in without a valid password!
To prevent these attacks, use the mysql_real_escape_string() function.
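The login case described above, as an added example that is not code from the original post. `escape_like_mysql()` and `build_login_query()` are hypothetical helpers, the table, column and form values are constructed, and the helper only imitates the library's escaping of the seven listed characters so the script runs without a MySQL connection.

```php
<?php
// Hypothetical stand-in for mysql_real_escape_string() so this runs offline.
// It rewrites the seven characters listed above the way the MySQL client
// library does, but it ignores the connection character set, so real code
// must call the library function (or use prepared statements) instead.
function escape_like_mysql(string $value): string
{
    // strtr() with an array replaces in one pass and never rescans its own
    // output, so an inserted backslash is not escaped a second time.
    return strtr($value, [
        "\\"   => "\\\\",
        "\x00" => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

// Builds the login query by string interpolation, as a typical form
// handler would. Table and column names are assumptions for illustration.
function build_login_query(string $user, string $pass, bool $escape): string
{
    if ($escape) {
        $user = escape_like_mysql($user);
        $pass = escape_like_mysql($pass);
    }
    return "SELECT * FROM users WHERE user='$user' AND password='$pass'";
}

// Constructed form input: the password field carries quote characters.
$user = 'aidan';
$pass = "' OR ''='";

// Without escaping, the first quote in the input closes the password
// literal and the rest of the input is parsed as SQL.
echo "Unescaped: ", build_login_query($user, $pass, false), PHP_EOL;

// With escaping, every quote is preceded by a backslash, so the whole
// input stays inside one string literal and is compared as data.
echo "Escaped:   ", build_login_query($user, $pass, true), PHP_EOL;
```

Comparing the two printed queries shows where the string literal ends in each case. The mysql_* extension was removed in PHP 7.0; current code gets the same protection from mysqli or PDO prepared statements.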
Advantages:
• mysql_real_escape_string() is necessary to control what the users are storing in the database and to prevent SQL injection.
• mysql_real_escape_string() ensures that whatever the user enters is processed before it is stored in the database and that characters with special meaning to the SQL engine are properly escaped.

I am Saritha Reddy, a remote CodeIgniter, AngularJS developer. I have 4+ years of strong experience in designing, implementing, programming and delivering advanced XAMPP (Apache, MySQL and PHP) web applications development. I am an Indian national and based in Andhra Pradesh, Hyderabad. In addition to providing custom programming and design, I also have extensive experience with Open Source technologies to keep costs down and get websites running with as little fuss and wait as possible.
