there is


I receive data

 $data = $_REQUEST['name']; 

But if I enter in the input field, 'then the sql query does not work.

Question : how to correctly and safely receive the text? (And with html markup, and without.)

    3 answers 3

      $data = mysql_real_escape_string($_REQUEST['name']); 
    • 2
      pdo, placeholders? no, not heard - FLK
    • 3
      @FLK, that's just for you, I left the opportunity to tell about this vehicle. Now you all neatly paint and I'll be the first to put you +1 - Deonis
    • one
      I thank you for the opportunity, but lazily like the same thing 20 times to write. considering your level of answers to other questions, I did not expect to recommend such a solution. - FLK
    • 2
      @FLK, I'm too lazy too alien. - Deonis
     $data = mysql_real_escape_string(trim(htmlspecialchairs($_REQUEST['name']))); 
    • what!!!??? did you even understand what you did? - johniek_comp

    then it is possible for loyalty in htmlentities($str, ENT_QUOTES, "UTF-8"); drive (encoding and string substitute your own)

    Threat it's time to go on mysqli)