Sample code to avoid SQL injection using mysql_real_escape_string (http://uk.php.net/mysql_real_escape_string), which converts special characters to escape sequences so that the values are suitable for submission in an SQL statement:
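// Close the double-quoted string around each call so the function actually runs; each escaped value stays inside SQL single quotes.
$mySQL = "UPDATE address SET postcode='" . mysql_real_escape_string($postcode) . "' WHERE id='" . mysql_real_escape_string($account) . "'";
$myResult = mysql_query($mySQL);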
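The mysql_* functions used above were removed in PHP 7.0. As an added example (not part of the original post), here is the same UPDATE written as a PDO prepared statement, so the values never become part of the SQL text. The in-memory SQLite database, the updatePostcode() helper and the sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example: parameterised version of the page's UPDATE statement.
// Assumption: an in-memory SQLite database stands in for MySQL so this runs
// offline. With MySQL only the DSN changes; there, also set
// PDO::ATTR_EMULATE_PREPARES to false to get server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$pdo->exec("CREATE TABLE address (id INTEGER PRIMARY KEY, postcode TEXT)");
$pdo->exec("INSERT INTO address (id, postcode) VALUES (1, 'AB1 2CD'), (2, 'EF3 4GH')");

// Hypothetical helper: updates one account's postcode, returns rows changed.
function updatePostcode(PDO $pdo, string $account, string $postcode): int
{
    // Validate the id as well as binding it: a numeric key should be numeric.
    if (!ctype_digit($account)) {
        throw new InvalidArgumentException('account id must be numeric');
    }
    // Placeholders keep the SQL text fixed; values travel separately.
    $stmt = $pdo->prepare('UPDATE address SET postcode = :postcode WHERE id = :id');
    $stmt->bindValue(':postcode', $postcode, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $account, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input containing quotes and SQL syntax: it is stored as data,
// and only the row with id 1 is touched.
$changed = updatePostcode($pdo, '1', "AB1' OR '1'='1");
echo "rows changed: $changed\n";
foreach ($pdo->query('SELECT id, postcode FROM address ORDER BY id') as $row) {
    echo $row['id'], ' => ', $row['postcode'], "\n";
}

// Constructed non-numeric id: rejected before any query is built.
try {
    updatePostcode($pdo, '1 OR 1=1', 'ZZ9 9ZZ');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```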