Codes for updating database in php
You could just as easily throw a delete or drop statement in there instead of just commenting off the remainder of the sql statement.
This might not be as critical on an internal site for yourself only but its a big deal to worry about when dealing with public facing sites.
Remember that you can not update single record without any reference field otherwise whole table data will updated.
Here we use table ID field as reference field to update the record. Create “update.php” and copy the below code and paste it inside “update.php” file. If you find message like this “Data successfully updated”, then your record is update successfully otherwise you have error in My SQL syntax or something else. I hope that you like this Select Insert Update Delete database operations in My SQL using PHP code tutorial. If you have any questions while performing this tutorials then please let me know in comment.
Using it to escape get or post data before adding it to a database is the correct use of the function.
Having used 'OR 1' in submitting the form I notice that it is still displayed as 'OR 1' in the database, so I'm still trying to work out whether the escape string has done what it should.
I thought it was supposed to show as \'OR 1\' in the database but perhaps it will work if I use the field in code like SELECT FROM into an input and tried to add a new record, I'd get an error saying my SQL query was malformed (caused by the text I entered into the input.) With the mysql_real_escape_string() in place, I can enter that same text in the input and it automatically escapes it and I get no errors.
I found that it either made an empty field if it was before the connection to the database, or when I put the variable inside the mysql section it created an error if a name or text had ' in it (which needs to be kept).
I've now got a clumsy code where the first part of the php code before the mysql_connect takes the form data:- So it works with text and names which have ' and presumably has the injection protection and I expect I can make the code a bit simpler.