I know ussually we write a data to mysql table using
but for security reason we add like this
and when we want we read from a table like this
that only i know, am my script is safe and worth enough ? thanks.
and i have others question either,
1. how about that i want make a user also can input a lines in a textbox
2. how about i want restirect my user input a html tag ?
what function or combinated function should i used ?
thanks.
| Code: |
| mysql_query("insert into table values('".$a."','".$b."','".$c."')",$db); |
but for security reason we add like this
| Code: |
| $a = mysql_real_escape_string($HTTP_POST["a"]);
$b = mysql_real_escape_string($HTTP_POST["b"]); $c = mysql_real_escape_string($HTTP_POST["c"]); |
and when we want we read from a table like this
| Quote: |
| $query=mysql_query("select * from table",$db);
while($row=mysql_fetch_row($query)) { $a=stripslashes ($row[0]); $b=stripslashes ($row[0]); $c=stripslashes ($row[0]); } |
that only i know, am my script is safe and worth enough ? thanks.
and i have others question either,
1. how about that i want make a user also can input a lines in a textbox
2. how about i want restirect my user input a html tag ?
what function or combinated function should i used ?
thanks.
