I have a mysql query like following mysql_query(select * from user where name=’$name’ LIMIT

Question

0

Asked: June 18, 20262026-06-18T22:58:53+00:00 2026-06-18T22:58:53+00:00

I have a mysql query like following mysql_query(select * from user where name=’$name’ LIMIT

0

I have a mysql query like following

mysql_query("select * from user where name='$name' LIMIT 1");

If suppose my input from client side is ‘John’ there will be MySQL error in my query.
What is the best practice of preventing this?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-18T22:58:54+00:00

Editorial Team

2026-06-18T22:58:54+00:00Added an answer on June 18, 2026 at 10:58 pm

At first, mysql_* functions are deprecated and you should use PDO or mysqli_ instead. This two libraries implements prepared Statements which automatically escape your input.

If you want to use mysql_* instead, you have to call mysql_real_escape_string to the passed var

mysql_query("select * from user where name='" . mysql_real_escape_string($name) . "' LIMIT 1");

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a mysql query like following mysql_query(select * from user where name=’$name’ LIMIT

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply