How can PHP functions like mysql_real_escape_string help prevent errors when inserting data into a database?

When inserting data into a database, it is important to sanitize the input to prevent SQL injection attacks. PHP functions like mysql_real_escape_string can help prevent errors by escaping special characters in the input data, making it safe to insert into a database without causing syntax errors or security vulnerabilities.

// Connect to the database
$connection = mysqli_connect(&quot;localhost&quot;, &quot;username&quot;, &quot;password&quot;, &quot;database&quot;);

// Sanitize input data using mysql_real_escape_string
$name = mysqli_real_escape_string($connection, $_POST[&#039;name&#039;]);
$email = mysqli_real_escape_string($connection, $_POST[&#039;email&#039;]);
$age = mysqli_real_escape_string($connection, $_POST[&#039;age&#039;]);

// Insert sanitized data into the database
$query = &quot;INSERT INTO users (name, email, age) VALUES (&#039;$name&#039;, &#039;$email&#039;, &#039;$age&#039;)&quot;;
mysqli_query($connection, $query);

// Close the database connection
mysqli_close($connection);

Keywords

PHP mysql_real_escape_string database insertion data sanitization SQL injection

How can PHP functions like mysql_real_escape_string help prevent errors when inserting data into a database?

Keywords

Related Questions