I have the following:

$did=$_GET['deptID']; 

variable passed from 1st page and on 2nd page, the link is like and to get data MySQL query is:

$q= mysql_query("select DepName from dep where DepID='$did'")or die(mysql_error());

Now my question is how can I use the mysql_escape_string() function in this query?

  • 5
    WARNING: If you're just learning PHP, please, do not use the mysql_query interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like PDO is not hard to learn and a guide like PHP The Right Way explains best practices. Your user data is not properly escaped and there are SQL injection bugs that can be exploited. Commented Dec 11, 2017 at 16:15
  • 2
    Short answer: Don't. Use PDO and placeholder values. Commented Dec 11, 2017 at 16:15
  • For backward compatibility I must use it, so please, any help in this regard. Commented Dec 11, 2017 at 16:18
  • Compatibility with what? Even PHP4 supports mysqli and any version of PHP5 from the last fifteen years supports PDO. Commented Dec 11, 2017 at 16:39
  • @tadman, I assume the OP means backward compatibility with the app's own code base. In other words, if the app has 100,000 lines of legacy code using ext/mysql, it's flippant to tell them, "switch to PDO" as though it can be done with no work. Commented Dec 13, 2017 at 3:40
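
The placeholder approach recommended in the comments, shown next to the concatenated query from the question. This is an added example, not code from the question or its commenters. It assumes an in-memory SQLite database standing in for the MySQL server so it runs offline; the function names, sample rows and sample inputs are constructed for illustration.

```php
<?php
// Added example. Assumption: SQLite in memory stands in for MySQL.
// Against MySQL only the DSN changes, e.g.
// 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' (placeholders), and
// PDO::ATTR_EMULATE_PREPARES should be set to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Table and column names are the ones in the question; the rows are constructed.
$pdo->exec("CREATE TABLE dep (DepID TEXT PRIMARY KEY, DepName TEXT)");
$pdo->exec("INSERT INTO dep VALUES ('1', 'Accounts'), ('2', 'Payroll')");

// Pattern from the question: the request value becomes part of the SQL text,
// so a quote character in it changes the structure of the statement.
function lookupConcatenated(PDO $pdo, string $did): array
{
    $sql = "select DepName from dep where DepID='$did'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Placeholder version: the SQL text is fixed at prepare time and the value
// is bound separately, so it is only ever compared as data.
function lookupPrepared(PDO $pdo, string $did): array
{
    $stmt = $pdo->prepare('select DepName from dep where DepID = :did');
    $stmt->execute([':did' => $did]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed values standing in for $_GET['deptID']: one ordinary id and
// one containing a quote that closes the string literal early.
$inputs = ['2', "x' OR '1'='1"];

foreach ($inputs as $did) {
    printf(
        "%-14s concatenated=%s prepared=%s\n",
        $did,
        json_encode(lookupConcatenated($pdo, $did)),
        json_encode(lookupPrepared($pdo, $did))
    );
}
```

For the ordinary id both functions return the same single department. For the input containing a quote, the concatenated query returns every row in `dep`, while the prepared statement returns none because no `DepID` equals that literal string.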
