It's never a good idea to trust any information or data that comes from the user; you should always consider user-supplied data untrustworthy and potentially dangerous. You are strongly advised to escape any data coming in from the user, and never to trust it until it has passed through processes that make it safe enough to work with. One of these techniques is escaping data. This recipe demonstrates how to escape variables in a database query.
First, we'll need to create a database table. For this example, let's assume the database table is named escape. Enter the following SQL into your database:
CREATE TABLE `escape` ( `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `firstname` VARCHAR( 25 ) NOT NULL , `lastname` VARCHAR( 25 ) NOT NULL ) ENGINE = INNODB;