[Solved] Mysql real escape [closed]

Question

The problem is that you aren’t using it…

Make this change.

<?php
$address = mysql_real_escape_string($_POST['bitcoinaddress']);

$btc = mysql_real_escape_string($_POST['btcamount']);

$phone = mysql_real_escape_string($_POST['phonenumber']);

$con = mysql_connect("localhost","db user","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db_name", $con);
$sql="INSERT INTO `db_name`.`form` (`bitcoinaddress`, `btcamount`, `phonenumber`) VALUES
('".$address."','".$btc."','".$phone."')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
  echo ($btc);
  mysql_close($con);
?>

Accepted Answer

The problem is that you aren’t using it…

Make this change.

<?php
$address = mysql_real_escape_string($_POST['bitcoinaddress']);

$btc = mysql_real_escape_string($_POST['btcamount']);

$phone = mysql_real_escape_string($_POST['phonenumber']);

$con = mysql_connect("localhost","db user","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("db_name", $con);
$sql="INSERT INTO `db_name`.`form` (`bitcoinaddress`, `btcamount`, `phonenumber`) VALUES
('".$address."','".$btc."','".$phone."')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
  echo ($btc);
  mysql_close($con);
?>