DataTables
Advanced interaction
features for your tables.
Editor
Comprehensive editing
library for DataTables.
Manual
Download
Show site navigation

Server side: Mysql_real_escape_string

Server side: Mysql_real_escape_string

CountyCounty Posts: 10Questions: 4Answers: 0
edited May 2021 in DataTables 1.10

Hello all,
Does anyone know how I could use mysql_real_escape_string with the server side script for my WHERE clause? I've posted a screenshot of what I've tried and you can also see the line I tried (which I commented out). Basically, I'm just trying to prevent SQL injection.

Thank you for your help!

require( 'ssp.class.php' );

//$search = mysql_real_escape_string($_POST['search']);
$search = $_POST['search'];

echo json_encode(

     SSP::complex( $_GET, $sql_details, $table, $primaryKey, $columns, null, "personaName = '$search'" )

);

Answers

  • colincolin Posts: 15,240Questions: 1Answers: 2,599

    It's best not to use that function, according to this thread. The security page may help with this,

    Colin

This discussion has been closed.

DataTables

DataTables designed and created by SpryMedia Ltd.
© 2007-2023 MIT licensed. Privacy policy. Supporters.
SpryMedia Ltd is registered in Scotland, company no. SC456502.