How to Replace Quotes on MySQL in PHP

Replacing single quotes with double quote characters removes the possibility of SQL injection on your PHP Web pages. You use the "mysql_real_escape_string" function in PHP to replace the single quote characters. Leaving single quotes allows hackers to run malicious SQL code on your server. This process is called "scrubbing the data," and you must use the replace function on each input value sent by your HTML forms.

Instructions

    1. Right-click the PHP file that queries your MySQL server and select "Open With." Click your PHP editor to open the file.

    2. Locate the query on the page. For instance, the following code inserts a first name into the MySQL table from a form value named "first_name":

       $query = "insert into customers (name) values ('" . $_POST["first_name"] . "')";

    3. Add the mysql_real_escape_string function to your PHP file code, applying it to the form value before the value is placed in the query string. Running it over the finished query would also escape the quotes that delimit the value and break the statement. The following code replaces the quote to protect your data:

       $first_name = mysql_real_escape_string($_POST["first_name"]);
       $query = "insert into customers (name) values ('" . $first_name . "')";

Tips & Warnings

  • Add the mysql_real_escape_string function to each of your MySQL queries in your PHP code.
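
Added example, not from the original page: the same insert written three ways with PDO, since the mysql_* functions (including mysql_real_escape_string) were removed in PHP 7.0. An in-memory SQLite database stands in for the MySQL server so the script runs offline; the function names and the sample value are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server so the script
// runs offline; for MySQL only the PDO DSN and credentials change (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');

// Step 2's query: the form value is concatenated into the SQL text unchanged.
function insert_concatenated(PDO $pdo, string $first_name): bool
{
    $query = "insert into customers (name) values ('" . $first_name . "')";
    try {
        $pdo->exec($query);
        return true;
    } catch (PDOException $e) {
        return false; // the quote in the value ended the string literal early
    }
}

// Escape the value, not the finished query. PDO::quote() escapes the string
// and adds the surrounding quotes itself.
function insert_escaped(PDO $pdo, string $first_name): void
{
    $pdo->exec('insert into customers (name) values (' . $pdo->quote($first_name) . ')');
}

// Prepared statement: the value travels separately from the SQL text.
function insert_prepared(PDO $pdo, string $first_name): void
{
    $stmt = $pdo->prepare('insert into customers (name) values (:name)');
    $stmt->execute([':name' => $first_name]);
}

// Constructed sample value standing in for $_POST["first_name"].
$first_name = "O'Brien";

echo insert_concatenated($pdo, $first_name)
    ? "concatenated: inserted\n"
    : "concatenated: query failed\n";
insert_escaped($pdo, $first_name);
insert_prepared($pdo, $first_name);

// List what was actually stored by the two inserts that handled the quote.
$names = $pdo->query('select name from customers order by id')->fetchAll(PDO::FETCH_COLUMN);
print_r($names);
```

The prepared-statement form needs no per-value escaping call, so a forgotten escape on one input cannot reopen the hole.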
