
MYSQL Real Escape String with PHP

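Sanitize form data before using it to insert or update rows in a MySQL database. Two common methods are the functions mysql_real_escape_string() and addslashes(). The mysql_* functions were removed in PHP 7, so the examples below use the mysqli equivalent, mysqli_real_escape_string(). Note that addslashes() does not take the connection character set into account.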

Note:
If you plan to update the data in the future, applying the stripslashes() function to the selected data will remove the slashes. Otherwise, you could end up with a string like John\'s shoes.

Here are two ways to use the mysqli_real_escape_string() function. In both, $db is the mysqli connection:

A)
//Use the function with a post variable.
$var = mysqli_real_escape_string($db, $_POST['name']);

B)
//Set a variable to the form post data. Then, make a new variable equal to the escaped post data.
$name = $_POST['name'];
$var = mysqli_real_escape_string($db, $name);

Here is how a query would look with a sanitized variable:

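//`table` stands for your table name; the backticks are needed because TABLE is a reserved word in MySQL.
$command = "INSERT INTO `table` VALUES (NULL, '$var', now());";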
$result = mysqli_query($db, $command);
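
The same insert as an added example (not code from the original page): it sets the connection character set before escaping, then repeats the insert with a bound parameter, which is a different technique from the escaping described above. The connection details, the `customers` table and the `insert_name_*` function names are assumed placeholders.

```php
<?php
// Added example. Host, credentials, database and the `customers` table
// (id AUTO_INCREMENT, name VARCHAR, created DATETIME) are placeholders.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$db = mysqli_connect('localhost', 'app_user', 'app_password', 'app_db');

// mysqli_real_escape_string() escapes according to the connection
// character set, so set it explicitly before escaping anything.
mysqli_set_charset($db, 'utf8mb4');

// 1) Escaping, as on this page. The escaped value is only safe because
//    it sits inside single quotes in the query text. Used unquoted
//    (for example as a number), escaping gives no protection.
function insert_name_escaped(mysqli $db, string $name): bool
{
    $var = mysqli_real_escape_string($db, $name);
    $command = "INSERT INTO customers VALUES (NULL, '$var', NOW())";
    return mysqli_query($db, $command);
}

// 2) Bound parameter. The query text is fixed and the value is sent
//    separately, so it is never parsed as SQL and needs no escaping.
function insert_name_prepared(mysqli $db, string $name): bool
{
    $stmt = mysqli_prepare($db, "INSERT INTO customers VALUES (NULL, ?, NOW())");
    mysqli_stmt_bind_param($stmt, 's', $name);   // 's' = bind as string
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Form input; reject anything that is not a non-empty string.
$name = $_POST['name'] ?? '';
if (!is_string($name) || $name === '') {
    http_response_code(400);
    exit('Missing name');
}

// Use one of the two approaches per request.
insert_name_prepared($db, $name);
```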