Robert Down Robert Down - 1 month ago 11
PHP Question

Why mysql_real_escape_string not work on MySQLi?

Why

mysql_real_escape_string
not work on MySQLi ?

When i use MySQL , i can use this code.

$test = mysql_real_escape_string($_POST[test]);


But When i update to use MySQLi. I tried to use

$test = mysql_real_escape_string($_POST[test]);


But not work.

How can i use
mysql_real_escape_string
on
MySQLi
?

if cannot use
mysql_real_escape_string
on
MySQLi
, How can i protect SQL Injection ?

Now i use

$test = $_POST[test];


It's very bad for SQL Injection.

Answer

How can i use mysql_real_escape_string on MySQLi?

Answer:

OOP Approach: $test = $conn -> real_escape_string($_POST['test']);

Procedural Approach: $test = mysqli_real_escape_string($conn,$_POST['test']);

You are also asking on how can you protect from SQL Injection

Answer: If you are going to use mysqli_* then you should use parameterized queries

http://php.net/manual/en/mysqli.real-escape-string.php

Comments