How can one properly escape SQL queries using mysql_real_escape_string?

There are single quotes being used in

$bio = "$user->description";

when inserting into the database like this;

<?
$sql = "insert into yyy (id, twitterid, twitterkullanici, tweetsayisi, takipettigi, takipeden, nerden, bio, profilresmi, ismi) values ('', '$id', '$twk', '$tws', '$tkpettigi', '$tkpeden', '$nerden', '$bio', '$img', '$isim')";

$ak = mysql_query("select * from yyy where twitterid = '$id'");
if (mysql_num_rows($ak) == 0) {
    $sonuc = mysql_query($sql) or die(mysql_error());
    echo "You have been added to the cool list :)"; 
}
elseif (mysql_num_rows($ak) == 1) {
    $sonuc = "You are already on the cool list. No need to add you again :)";
}

?>

How can I correctly use mysql_real_escape_string for the variable $bio?

phpsqlmysql

Answer №1

It is important to ensure that you establish a connection to your MySQL database before proceeding.

$sql = "insert into yyy (id, twitterid, twitterkullanici, tweetsayisi, takipettigi, takipeden, nerden, bio, profilresmi, ismi) values ('', '$id', '$twk', '$tws', '$tkpettigi', '$tkpeden', '$nerden', '" . mysql_real_escape_string($bio) . "', '$img', '$isim')";

Please note that this information could have easily been located through a quick Google search or by referring to the PHP documentation.

In addition, it is recommended to apply this method for all strings and any data submitted by users, not just for select fields.

Answer №2

The solution is simple - ditch the old ways. Switch to using parameterized queries with mysqli or even better, PDO

Here's an example from the PHP documentation using PDO:

<?php
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);

// insert one row
$name = 'one';
$value = 1;
$stmt->execute();

// insert another row with different values
$name = 'two';
$value = 2;
$stmt->execute();
?>

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

SQL statement not recognized

My current project involves conducting an experiment using a pre-coded script accessible through the link here. In this experiment, I'm utilizing xampp as my web server with mysql. However, when I attempt to run the authentication page containing the ...

phphtml

Get an Array Using AJAX in PHP and JavaScript

Section 1 I want to retrieve an Array from PHP and use it in JavaScript. I have created a file using the fwrite function in PHP, then included that file in my next .load method inside a Div. The new PHP file contains an "include 'somefile.php';" ...

phpjavascripthtmlarraysreturn-value

Retrieval of each single row from a PHP-generated JSON dataset

This is quite challenging, especially for me. My goal here is to use Javascript to extract each value of every row in this JSON data: {"id":2,"url":"image.png","x":19,"y":10,"user_id":20} {"id":3,"url":"image.png","x":19,"y":10,"user_id":20} {"id":4,"url" ...

phpjavascriptarraysjson

Transmitting the identification number of a post with the help of J

I am currently working on a while loop in PHP that fetches associated results from a query and displays them within a class identified by the user who created the post. My goal is to send the id of the class to PHP, similar to how I am sending the num vari ...

phpjqueryhtmlajaxvariables

"Using jQuery to Access a View: A Step-by-Step Guide

Let's consider a scenario where I have two different views. <?php if($_GET['view']=="happy"){?> <div><p>I am feeling happy</p></div> <?php } ?> <?php if($_GET['view']=="sad"){?> <div&g ...

phpjqueryajax

Encountering a 403 error while using the YouTube API

I have a setup where I display the latest uploaded YouTube videos on my channel. Everything seems to be working fine, but occasionally I encounter this error that causes my entire site to break! [phpBB Debug] PHP Warning: in file /my_youtube/functions.php ...

phpjsonyoutubehttpwebrequest

How to retrieve the complete file path of an image during the image upload process

I am having trouble uploading an image as it only takes the file name with extension, not the full path. <!DOCTYPE html> <html> <head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js">< ...

phpjquery

Using CakePHP, instantiate a new object and call the controller class from the index.php file located in the webroot directory

Struggling to reach the CustomersController class from index.php within the webroot folder in cakephp 3. After attempting to use the code below, an error message indicates that the class cannot be found. require dirname(__DIR__) . '/src/Controller/Cu ...

phpoopcakephpcakephp-3.0

Get the image name from the database using the background:url property

I have a database reference to an image and I want to use it as a background:url in my design. Here is the image I created: . However, when I try to display the image using a div style in my code, it doesn't show up. Can someone please help me with th ...

phpbackground-image

Retrieving cover images using PHP from Google Books API

Is there a way to retrieve just the cover image from Google Books service using PHP? I tried fetching the page with file_get_contents but it gets the entire book webpage instead of just the thumbnail. I know I can use the src attribute of an img element in ...

phpimagefile-get-contentscovergoogle-books

Please refresh the page after acknowledging the error

I am facing an issue with my PHP page that triggers a javascript alert upon encountering an error. if (strpos($this->color,':') !== false) { echo '<script type="text/javascript">alert("Please use the RBG format of 255:2 ...

javascriptphp

Having trouble with Codeigniter and Pdo? Getting an error that says "call to a member function

Recently, I upgraded to CodeIgniter 2.2.0 and decided to implement a PDO database connection with the PDO driver. However, I encountered an error that is causing some troubles for me. Can someone help me identify what might be missing in my setup? $active ...

phpmysqlmysqlipdocodeigniter-2

Using a single form, the rest of the form fields are restricted when uploading images with Ajax

I am facing a challenge with uploading an image using ajax. I have other fields in the form that require validation before submission is allowed. However, whenever I try to upload an image, all the fields in the form show errors. $('#my_thumbnail&apo ...

phpjqueryforms

Utilize a separate domain for sections of the URL within CodeIgniter

I am interested in creating a website using CodeIgniter (CI) where users have their own personal page with a URL structure like this: main-domain.com/index.php/sites/site_id/other-controller... However, I also want to assign a unique domain for each user ...

phpcodeigniterdnscross-domaincodeigniter-url

Using PHP's include/require method with a dynamic path

Looking for assistance with my issue! Ajax is returning the correct information and displaying it in an 'alert(html)' on 'success'. The PHP code echoes $idName and $path correctly on the carrier page where the code resides. There are no ...

javascriptphphtml

Aggregate the data in a 2-dimensional array by grouping rows based on one column and calculating the sum of another column within each group

Issue: I need to find the sum of 'subtotal' values for each 'id' and store these sums in an array or variables. My current approach involves using a foreach loop with multiple if statements to count occurrences. While this method works ...

phparraysmultidimensional-arraysumgrouping

Having trouble creating a Node.js equivalent to PHP's hash checking functionality

These PHP lines are effective, but I am unable to replicate them in Node. $secret_key = hash('sha256', XXXX, true); $hash = hash_hmac('sha256', YYYY, $secret_key); The documentation states that hash() returns raw binary data, but it a ...

phpnode.jshashsha256hmac

Running a Laravel artisan command on a schedule of every 5 seconds

My current project involves working with a system that sends webhooks whenever there is a change to a resource within the system. These webhooks contain the ID of the updated resource. For instance, if someone modifies product ID 1234 in the system, my ser ...

phplaravelcron

filtering out specific sections of HTML using xPath

I am currently attempting to scrape information from this page My approach involves using xPath to select specific elements. Here is a snippet of my code: $safeFlag = true ; //*[@id="tabset_productPage"]/dd[1]/div/div //HAVE TRIED THIS TOO //*[@id="tab ...

phphtmldomxpath

Analyzing MySQL queries to optimize performance on a webpage

I attempted to set up MySQL query profiling following the instructions given on this page After editing the file: /etc/my.cnf I made the following additions: general_log=1 log_output=FILE log=/tmp/mysql.log Then, I restarted MySQL by running: /etc/in ...

phpmysqlquery-optimization