Safe query
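A query built to resist SQL injection: the string values are escaped with mysql_real_escape_string() and the user ID is formatted as an integer with %d.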
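// $link is an open ext/mysql connection (that extension was removed in PHP 7.0).
$query = sprintf(
    "INSERT INTO products (`name`, `description`, `user_id`) VALUES ('%s', '%s', %d)",
    mysql_real_escape_string($product_name, $link),
    mysql_real_escape_string($product_description, $link),
    $_POST['user_id'] // %d formats this value as an integer
);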
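The same INSERT written as a prepared statement with PDO, as an added example that is not part of the original page. It assumes an in-memory SQLite database in place of the MySQL connection; the insert_product() helper, the table layout and the sample values are constructed for illustration.

```php
<?php
// Added example: the page's INSERT as a PDO prepared statement.
// Assumption: in-memory SQLite stands in for the real MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (name TEXT, description TEXT, user_id INTEGER)');

// Hypothetical helper: values travel as bound parameters, never as SQL text.
function insert_product(PDO $pdo, string $name, string $description, $rawUserId): void
{
    // sprintf's %d would silently coerce "42abc" to 42; validate instead.
    $userId = filter_var($rawUserId, FILTER_VALIDATE_INT);
    if ($userId === false) {
        throw new InvalidArgumentException('user_id must be an integer');
    }

    $stmt = $pdo->prepare(
        'INSERT INTO products (name, description, user_id)
         VALUES (:name, :description, :user_id)'
    );
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':description', $description, PDO::PARAM_STR);
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed sample input: quotes in the strings need no manual escaping.
insert_product($pdo, "O'Brien's \"deluxe\" kit", "100% cotton; size 'M'", '42');

// Constructed sample input: a non-integer user_id is rejected, not truncated.
try {
    insert_product($pdo, 'widget', 'plain', '42abc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Show what was stored: only the first row, with its quotes intact.
foreach ($pdo->query('SELECT name, description, user_id FROM products') as $row) {
    printf("%s | %s | %d\n", $row['name'], $row['description'], $row['user_id']);
}
```

With the MySQL PDO driver, setting PDO::ATTR_EMULATE_PREPARES to false makes the server perform the parameter binding instead of the client library.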