
Originally Posted by
mindblaster7
Explain yourself, I am not following..
Okay, I will try.
If you are using MySQL and PHP there is a possibility that people will inject something in your MySQL database. For instance drop table 'users' and so on... The mysql_real_escape_string will not allow symbols like ' or such to go through which will prevent your site from MySQL Injection. But of course there are thousands of other options how to inject. That's why most people use their own written scripts to prevent it and include ("them.php"). I hope that you understood it.
PHP Code:
<?php
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());
// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
    mysql_real_escape_string($user),
    mysql_real_escape_string($password));
?>
Code:
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
More here: http://lv.php.net/manual/en/function...ape-string.php
Edit:
Submit details were taken off due to some idiot who tried to MySQL inject just after I uploaded it...
See? That "idiot" was me. I'm not so good at MySQL so I was unable to do that. But believe me, there are some "idiots" around who can do much damage if you have no protection.
And just for the record. I am not an idiot.
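An added example, not part of the original post: the login lookup from the code above written with a bound parameter, so input containing ' reaches the database as data instead of depending on escaping. It assumes PHP with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL); the table contents, the check_login helper and the use of password_hash/password_verify in place of comparing the password in SQL are assumptions of this example.

```php
<?php
// Added example. Assumes pdo_sqlite; SQLite in memory stands in for MySQL
// so the script runs offline. All names and sample data are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares so the server binds values:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    user TEXT UNIQUE,
    password_hash TEXT
)');

// Store a salted hash, never the password itself.
$insert = $pdo->prepare('INSERT INTO users (user, password_hash) VALUES (:user, :hash)');
$insert->execute([
    ':user' => 'alice',
    ':hash' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

function check_login(PDO $pdo, string $user, string $password): bool
{
    // The SQL text is fixed; $user is sent separately and is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();          // false when no row matches

    return $hash !== false && password_verify($password, $hash);
}

// Constructed inputs: a valid login, a wrong password, and a name containing quotes.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong password'],
    ["alice' OR '1'='1", 'anything'],
];

foreach ($cases as [$user, $password]) {
    $result = check_login($pdo, $user, $password) ? 'accepted' : 'rejected';
    printf("%-20s => %s\n", $user, $result);
}

// The quoted input was compared as a literal user name, so the table is untouched.
$count = $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
printf("rows in users: %d\n", $count);
```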