I'm trying to escape invalid characters in PHP, while also trying the PHP class called ezSQL. Here's my code:
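<?php
include_once('ez_sql_core.php');
include_once('ez_sql_mysql.php');

// Constructor arguments: database user, password, database name, host.
$db = new ezSQL_mysql('root', 'pword', 'db', 'localhost');

// Escape each request value before placing it inside a quoted SQL string.
$uname = $db->escape($_GET['uname']);
$pword = $db->escape($_GET['pword']);

$db->query("INSERT INTO users(Uname, Hpword) VALUES('$uname','$pword')");
?>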
How do I avoid producing a URL like this, and not mess up the whole query? http://localhost/folder/file.php?uname=uzer's^&*%#&pword=dd'$#$%#'s
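
The two layers involved in the question, as an added example that is not part of the original post: the values are percent-encoded when the URL is built, and bound as parameters when stored. The sample values are taken from the URL above; PDO with in-memory SQLite is a stand-in for the MySQL database and the ezSQL class (assumes the pdo_sqlite extension is enabled), and `parse_str()` stands in for PHP filling `$_GET`.

```php
<?php
// Constructed sample values: the ones from the URL in the question.
$values = [
    'uname' => 'uzer\'s^&*%#',
    'pword' => 'dd\'$#$%#\'s',
];

// 1. Building the link: percent-encode every value so that & # % and '
//    travel as data instead of being read as URL syntax.
$url = 'http://localhost/folder/file.php?'
     . http_build_query($values, '', '&', PHP_QUERY_RFC3986);
echo $url, PHP_EOL;

// What the hand-written URL turns into: the first # starts the fragment,
// which is never sent to the server, and the bare & ends uname early.
$naive = "http://localhost/folder/file.php?uname=uzer's^&*%#&pword=dd'\$#\$%#'s";
parse_str((string) parse_url($naive, PHP_URL_QUERY), $broken);
var_export($broken);
echo PHP_EOL;

// 2. Receiving side: PHP decodes the query string into $_GET by itself.
//    parse_str() stands in for that step so the script runs from the CLI.
parse_str((string) parse_url($url, PHP_URL_QUERY), $received);
var_dump($received === $values);

// 3. Storing: bound parameters keep the quotes out of the SQL text.
//    PDO + SQLite here is a swapped-in stand-in, not the ezSQL API.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (Uname TEXT, Hpword TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (Uname, Hpword) VALUES (:uname, :pword)');
$stmt->execute([':uname' => $received['uname'], ':pword' => $received['pword']]);

// Read the row back and compare it with the original values.
$row = $pdo->query('SELECT Uname, Hpword FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['Uname'] === $values['uname'] && $row['Hpword'] === $values['pword']);
```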