[Solved] Just using mysql real escape string [closed]


it is not working … the strings like />., still can be enter in the sql database

It is working.

mysql_real_escape_string is a function that escapes characters which have special meaning in SQL.

/ and > do not have special meaning in SQL, so it shouldn’t touch them.

If they did have special meaning, then the point of the function is to allow them to be inserted into the database. It makes changes such as converting ' (meaning “Start or end an SQL string”) to \' (meaning “An apostrophe”).

solved Just using mysql real escape string [closed]