i don’t know much about sql injection.
I want to know that what is the best way to prevent the sql injection in mysql?
Like how should i insert data in the database,
How should i fetch them from DB, how to execute search query, update query in mysql.
Upto here i know that addslashes is used to prevent the sql injection in mysql using php.
when its creating the problem when searching the data from database.
the problem i have described here.
Search problem in mysql query
could you please let me know how to prevent this.
I have heard about the mysql_real_escape_string but don’t know how to use this.
Thanks
Avinash
Typically the best way is to rely on the library of the language you’re writing in. Every good library has a way to write canned parameterized SQL statements, so just Google “$(language_name) parameterized SQL” and you’ll be good to go.