0 steave posted

How can I prevent SQL injection in PHP?

    $username = $_REQUEST['username'];
    $sel = "select * from where username=\"$username\"";

So in the above query, if someone inputs " ''; truncate table anytable name " as the username, it will empty the table anytable.
0 jessica answered May 17 '22 00:00

The PHP function mysql_real_escape_string is used to escape single quotes and double quotes to avoid exposing the SQL.

    $username = $_REQUEST['username'];
    // the escaped value goes inside quotes in the query
    $sel = "select * from where username='" . mysql_real_escape_string($username) . "'";
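
A prepared-statement version of the lookup discussed in this thread, as an added example that is not part of either post. It assumes the PDO extension with the SQLite driver; the `users` table, its columns and the `findUser()` helper are hypothetical names chosen for illustration.

```php
<?php
// Hypothetical schema and helper names; in-memory SQLite keeps this self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('steave'), ('o''brien')");

/**
 * Look up a user with a prepared statement: the SQL text is fixed and the
 * value travels separately as a bound parameter, so it is never parsed as SQL.
 */
function findUser(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs (in a web request the value would come from
// $_REQUEST['username']); the last one is the string from the question.
$inputs = ['steave', "o'brien", "''; truncate table anytable"];

foreach ($inputs as $input) {
    $rows = findUser($pdo, $input);
    printf("%-32s -> %d row(s)\n", var_export($input, true), count($rows));
}

// Confirm the table contents are unchanged after all lookups.
$total = (int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "rows still in users: $total\n";
```

The name containing an apostrophe is matched without any manual escaping, and the input from the question is compared as a plain string.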