How can the use of mysql_real_escape_string() prevent SQL injection attacks in PHP?

SQL injection attacks occur when malicious SQL queries are inserted into input fields on a website, allowing attackers to manipulate the database. Using mysql_real_escape_string() in PHP helps prevent SQL injection attacks by escaping special characters in the input data, making it safe to use in SQL queries.

// Example of using mysql_real_escape_string() to prevent SQL injection
$unsafe_variable = $_POST[&#039;input_field&#039;];
$safe_variable = mysql_real_escape_string($unsafe_variable);

$query = &quot;SELECT * FROM users WHERE username=&#039;$safe_variable&#039;&quot;;
$result = mysql_query($query);

Keywords

mysql_real_escape_string SQL injection attacks PHP security prevention

How can the use of mysql_real_escape_string() prevent SQL injection attacks in PHP?

Keywords

Related Questions