Mysql_real_escape_string delete entire row

Question

Mysql_real_escape_string delete entire row

I am writing an authentication system for my site, and I want me to be protected from SQL injection. I use 'mysql_real_escape_string', but this completely clears the line. the username is something like "Damo", but after the function has completed, it disappeared.

What am I doing wrong? (it works fine without mysql_real_escape_string)

$user_name = $_POST["username"];
$md5 = md5($_POST["password"]);

$user_name = mysql_real_escape_string($user_name);


$login = $query->GetSingleQuery("--SINGLE","SELECT user_name, id FROM url_users WHERE user_name='".$user_name."' and user_password='".$md5."';",array("user_name","id"));

+5

sql php sql-injection

Damo May 23 '11 at 21:13

source share

2 answers

, , , .

$user_name = $_POST["username"];
echo 'before: '.$user_name;
$user_name = mysql_real_escape_string($user_name);
echo 'after: '.$user_name;

-1

user557846 23 '11 21:17

Lightness Races in Orbit · Accepted Answer · 2011-05-23T21:17:46+0000

mysql_real_escape_stringrequires connection. It is assumed that the connection was created as part of the same library.

mysql_real_escape_string OO, - OO $query ( ?). mysql_real_escape_string "" , , .

( ), E_WARNING, .

mysql_escape_string . , , . , , .

Mysql_real_escape_string delete entire row

More articles: