Home/ Questions/Q 7678723
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T17:42:48+00:00

to sanitize user input we usually use mysql_real_escape_string, but for example if i want

  • 0

to sanitize user input we usually use mysql_real_escape_string, but for example if i want to escape: O’Brian it will return O\’Brian and I don’t really like this because if i want to print this name, I have to strip slasheseverytime.
So I thought to use this function:

$search = array("'", '"');
$replace = array("´", "“");
$str_clean = str_replace($search, $replace, "O'Brian");

Is this simple function protecting me from MySQL-Injection?
Thank very much and sorry for my bad English.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, obviously it’s protecting from SQL Injection attacks

    It Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query().

    • 0