I have the code:
$.ajax({
type: "POST",
url: "my_ajax.php",
dataType: 'json',
data: ({ description : description.val(), project_id : project_id.val()}),
success: function () { $(".succes_update_description").append("Update Successfull"); }
});
On the PHP side I have:
<?php mysqli_query($conn, "update someDB.someTable set description='".$_POST['description']."' where id='".$_POST['project_id']."'"); ?>
after that when I try to
So, when description.val() contains characters like ' or " or \, I can't update the string in MySQL. How can I resolve that?
Don't trust your user, ever! Escape or cast all the values you're using in your queries. Your code should look something like this:
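// Procedural mysqli_real_escape_string() takes the connection as its first argument.
$description = mysqli_real_escape_string($conn, $_POST['description']);
// Casting to int guarantees the id is numeric.
$id = (int)$_POST['project_id'];
mysqli_query($conn, "UPDATE someDB.`someTable` SET `description`='".$description."' WHERE `id`='".$id."'");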
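An alternative to escaping each value, shown as an added example that is not part of the original answer: the same update in my_ajax.php done with a mysqli prepared statement, returning JSON because the client sets dataType: 'json'. It assumes $conn is the open mysqli connection from the question; the function name update_description and the response fields are illustrative choices made here.

```php
<?php
// Added example: my_ajax.php using a mysqli prepared statement.
// Assumption: $conn is an open mysqli connection created earlier (as in the question).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper name; returns the number of rows changed.
function update_description(mysqli $conn, string $description, int $projectId): int
{
    // Placeholders keep the data out of the SQL text, so ', " and \ in
    // $description are stored literally and cannot alter the statement.
    $stmt = $conn->prepare(
        'UPDATE someDB.someTable SET description = ? WHERE id = ?'
    );
    $stmt->bind_param('si', $description, $projectId); // s = string, i = integer
    $stmt->execute();
    $affected = $stmt->affected_rows; // 0 when the stored text was already identical
    $stmt->close();
    return $affected;
}

header('Content-Type: application/json');

// Reject a missing description or a non-integer id before touching the database.
$description = $_POST['description'] ?? null;
$projectId   = filter_input(INPUT_POST, 'project_id', FILTER_VALIDATE_INT);

if (!is_string($description) || $projectId === null || $projectId === false) {
    http_response_code(400);
    echo json_encode(['ok' => false, 'error' => 'invalid input']);
    exit;
}

try {
    $rows = update_description($conn, $description, $projectId);
    echo json_encode(['ok' => true, 'updated' => $rows]);
} catch (mysqli_sql_exception $e) {
    // Keep SQL error detail in the server log, not in the HTTP response.
    error_log($e->getMessage());
    http_response_code(500);
    echo json_encode(['ok' => false, 'error' => 'update failed']);
}
```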