[Solved] Just using mysql real escape string [closed]

Question

it is not working … the strings like />., still can be enter in the sql database

It is working.

mysql_real_escape_string is a function that escapes characters which have special meaning in SQL.

/ and > do not have special meaning in SQL, so it shouldn’t touch them.

If they did have special meaning, then the point of the function is to allow them to be inserted into the database. It makes changes such as converting ' (meaning “Start or end an SQL string”) to \' (meaning “An apostrophe”).

Accepted Answer

it is not working … the strings like />., still can be enter in the sql database

It is working.

mysql_real_escape_string is a function that escapes characters which have special meaning in SQL.

/ and > do not have special meaning in SQL, so it shouldn’t touch them.

If they did have special meaning, then the point of the function is to allow them to be inserted into the database. It makes changes such as converting ' (meaning “Start or end an SQL string”) to \' (meaning “An apostrophe”).