Can't seem to sanitise php data
<?php
$lastname = "O'Reilly";
echo $lastname;
$_lastname = mysql_real_escape_string($lastname);
echo $_lastname ;
?>
Any ideas?
Thanks
Asked
Active
Viewed 25 times
-2
Daniel McFarland
- 92
- 2
- 9
-
`mysql_` is removed from PHP. and can you explain the problem? like what you except and what you get and errors if any? – bansi Mar 02 '16 at 14:49
-
Your code as posted, doesn't do anything really, except generate errors. – Funk Forty Niner Mar 02 '16 at 14:51
-
I would like to be able to replace the ' with \' for inserting into mysql – Daniel McFarland Mar 02 '16 at 15:00
1 Answers
1
mysql_real_escape_string() won't do anything all by itself. You have to have an open connection to a database.
However, all the mysql_* functions are deprecated. You should look into Prepared Statements instead.
I wrestled a bear once.
- 22,983
- 19
- 69
- 116
-
2*"You should look into PDO instead."* - With a prepared statement of course. Using PDO on its own won't protect against an SQL injection. *Just saying* ;-) – Funk Forty Niner Mar 02 '16 at 14:55