Hacker Hacker - 6 days ago 7
PHP Question

passing data to query builder

I am using PHP and MySQL.

I had a form text field where in

<input type='text' name ='key' id='key' value = 'property5 = mobile'>


I try to pass this value to mysql query builder just appending this value to where clause, but it does not work because the value part does not have quotes around it. How do I fix this?

Answer

I don't know what you are doing... but I am guessing by your post that you are trying to escape your data.

To do this, use the mysql_real_escape_string() function. Documentation can be found at http://www.php.net/manual/en/function.mysql-real-escape-string.php.

This will take your string and add all the appropriate escaping automatically.

Comments