6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"htmlspecialchars or mysql_real_escape_string?\",\"text\":\"

I am unsure which one to use in this situation???

\\n\\n

$query1 = \\\"SELECT * FROM messages WHERE \\nmessages.custid='\\\".htmlspecialchars($_SESSION['customerid']).\\\"' \\nORDER BY messages.id LIMIT $start, $limit \\\";\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"user342391\"},\"upvoteCount\":1,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

use mysql_real_escape_string .. But really, don't do that

\\n\\n

instead, install Pear's PDO library, then use a prepared statement for your query

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Zak\"},\"upvoteCount\":2}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","php",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/php/1","children":"php"}]}],["$","span","function",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/function/1","children":"function"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/e483bd4544cfadccc341170c20c4a2d1?s=256&d=identicon&r=PG","alt":"user342391","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/342391/user342391","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"user342391"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",7827]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"htmlspecialchars or mysql_real_escape_string?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I am unsure which one to use in this situation???

\n\n

$query1 = \"SELECT * FROM messages WHERE \nmessages.custid='\".htmlspecialchars($_SESSION['customerid']).\"' \nORDER BY messages.id LIMIT $start, $limit \";\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",985]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","3603167",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/62292e3e7a9182c38bd24b3c26255a68?s=256&d=identicon&r=PG","alt":"Tokk","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/354745/tokk","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Tokk"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",4502]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

mysql_real_escape_string() is made especialy for Mysql Tables, as the name indicates ;-)

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}],["$","div","3603164",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/78dff5de547254c338626be55bdf0cf5?s=256&d=identicon&r=PG","alt":"Zak","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2112692/zak","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Zak"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",25205]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

use mysql_real_escape_string .. But really, don't do that

\n\n

instead, install Pear's PDO library, then use a prepared statement for your query

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","8419077",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/8419077","className":"text-blue-600 hover:underline","children":"Difference between htmlspecialchars and mysqli_real_escape_string?"}]}],["$","li","3665572",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3665572","className":"text-blue-600 hover:underline","children":"mysql_escape_string VS mysql_real_escape_string"}]}],["$","li","3473047",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3473047","className":"text-blue-600 hover:underline","children":"mysql_real_escape_string VS addslashes"}]}],["$","li","36914374",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/36914374","className":"text-blue-600 hover:underline","children":"Should I be using htmlspecialchars?"}]}],["$","li","35147647",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/35147647","className":"text-blue-600 hover:underline","children":"mysqli_real_escape_string vs filter_input()? What method should I use?"}]}],["$","li","9737130",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9737130","className":"text-blue-600 hover:underline","children":"When to use mysql real escape string"}]}],["$","li","13279578",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/13279578","className":"text-blue-600 hover:underline","children":"Confused on htmlspecialchars, real_escape_string, etc"}]}],["$","li","7158668",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7158668","className":"text-blue-600 hover:underline","children":"Is mysql_real_escape_string(htmlspecialchars()) really useful ? why?"}]}],["$","li","2214244",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2214244","className":"text-blue-600 hover:underline","children":"Htmlentities vs addslashes vs mysqli_real_escape_string"}]}],["$","li","2562169",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2562169","className":"text-blue-600 hover:underline","children":"PHP and MySQL - correct way to use mysqli_real_escape_string"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

htmlspecialchars or mysql_real_escape_string?

Answers (2)

Related Questions