Uses of the mysql_real_escape_string() function in PHP
mysql_real_escape_string() is a PHP function that adds backslashes to special characters in a string; the backslashes appear if you display the escaped string on the page. However, when the value is saved through SQL, it is stored as normal, with no backslashes.
The characters it escapes include \x00, \n, \r, \, ', " and \x1a. This differs from the functions addslashes() and stripslashes(): both of those deal with slashes, and the data changes as you save it, which is not the case for mysql_real_escape_string(), because its use is specific to MySQL and concerns security.
Many CMS and site developers still fail to protect their websites from hackers, who are always after the database. The mistake is displaying content straight from mysql_fetch without adding mysql_real_escape_string. In short, adding a quotation mark (') to a URL variable produces an error, which the hacker can then work from to find the admin username and password.
The same applies to a login page, which has to search the database for a matching username and password with a SELECT query: it can also be tricked with quotation marks. This is dangerous because the attacker can get into the admin page and then damage the website.
To prevent this, use the function mysql_real_escape_string() every time you display rows from the database, so that unwanted things don't happen on the website. I can only explain this function briefly; please see the code below.
CORRECTLY
NOT CORRECT
The code above shows how to get database rows, in a version marked correct and a version marked not correct. With the correct version, a backslash appears before each quotation mark in the results; with the version marked not correct, no backslash appears at all, which can result in SQL injection.
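The following is an added example, not the page's own code: it looks up a user whose name contains a quotation mark with the value pasted into the SQL text, then escaped, then bound as a parameter, and uses the bound form for a login check. Assumptions: PDO with an in-memory SQLite database and constructed data, so it runs without a MySQL server; PDO::quote() stands in for mysql_real_escape_string(), which was removed in PHP 7.0; the table and function names are hypothetical.

```php
<?php
// Constructed data in an in-memory SQLite database, so no server is needed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// NOT CORRECT: the value is pasted into the SQL text, so a quote in it
// ends the string literal early and the rest is parsed as SQL.
function find_unsafe(PDO $db, string $user)
{
    return $db->query("SELECT * FROM users WHERE username = '$user'")
              ->fetch(PDO::FETCH_ASSOC);
}

// Escaped: PDO::quote() plays the role the page gives mysql_real_escape_string();
// it escapes the value for the active driver and adds the surrounding quotes.
function find_escaped(PDO $db, string $user)
{
    return $db->query('SELECT * FROM users WHERE username = ' . $db->quote($user))
              ->fetch(PDO::FETCH_ASSOC);
}

// Bound parameter: the value never becomes part of the SQL text.
function find_bound(PDO $db, string $user)
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->execute([$user]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Login check built on the bound lookup; the password is compared by hash.
function login(PDO $db, string $user, string $password): bool
{
    $row = find_bound($db, $user);
    return $row !== false && password_verify($password, $row['pw_hash']);
}

$name = "o'brien"; // constructed input containing a single quote
try {
    find_unsafe($db, $name);
    echo "unsafe: query ran\n";
} catch (PDOException $e) {
    echo "unsafe: SQL error: ", $e->getMessage(), "\n";
}
echo 'escaped: ', find_escaped($db, $name)['username'], "\n";
echo 'login ok:  ', var_export(login($db, $name, 'correct horse'), true), "\n";
echo 'login bad: ', var_export(login($db, $name, 'wrong password'), true), "\n";
```

The SQL error from the unescaped lookup is the error the text describes when a quotation mark is added to a variable; SQLite escapes a quote by doubling it rather than with a backslash, which is why the escaping is left to the driver.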
A login system can use the addslashes() function, but for security it is better to use mysql_real_escape_string(). If you have any questions about any of the above, please comment.
Hopefully this is useful, and good luck.