Marcelc

Everything posted by Marcelc

  1. Indeed the code is not ready. The app serves as a way for me to learn, study and explore different aspects of coding and this is a part of it. Thank you very much for your help. I'll look up PDO, SQL-escaping and HTML-escaping and figure out how to implement those in my code. I look forward to updating you with progress! Thank you again.
  2. @Jacques1 Thanks a lot. That really helps with my understanding of mysql_real_escape_string and to be honest, I've come to know escaping only recently as I want to pass an apostrophe to the database. There are still so many things to learn. I ended up using addslashes() on the input data and using splitslashes() when displaying the output. I believe this too is not a safe and concrete approach, but as my app is not widely distributed I think for now it serves the purpose. On another note, I am interested in adopting a modern approach to database functions, leaving mysql_query behind. I tried to look around for a tutorial but the information out there overwhelmed me and I don't know where to start. Any suggestions? Thank you very much. P.S. I would love to upload my app here but I have trouble uploading (bad internet connection), so I will do this soon.
  3. Note that my code still uses the old mysql query and I am aware of that. I want to migrate it to mysqli soon but it will have to wait until I learn how to do so. Meanwhile, please help me with the code that I have now. Thank you. I've looked around the internet to find how to do this and I found two methods: htmlspecialchars(); and mysql_real_escape_string(); I wrapped my text in one of the two functions in order to pass text with an apostrophe in it to the database. However, I encountered a problem. With mysql_real_escape_string, I got the desired effect that I want, but the problem is that the function also applies its effect to the HTML img tag. So <img src="test"> turns into <img src=/"test/"> and therefore images (and also links) will not appear. With htmlspecialchars, again I got the desired function that I want, which is to pass an apostrophe into the database. The problem with this is that when I pull the data out from the database and echo it onto my page, it doesn't render and shows as plain HTML code. What confuses me a lot is that it works fine inside my localhost. Please help. Thank you! content-insert.php
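
An added example, not part of the posts above and not taken from content-insert.php: it shows the PDO, SQL-escaping and HTML-escaping split mentioned in the first post, with a prepared statement on the way in (apostrophes and quotes are stored unchanged) and htmlspecialchars() applied only when echoing untrusted text. The in-memory SQLite database, the `content` table, its columns and the `kind` flag are assumptions made for illustration.

```php
<?php
// Added example with constructed input; in-memory SQLite so it runs offline.
// Table, column names and the 'kind' flag are hypothetical.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, kind TEXT, body TEXT)');

// Constructed samples: plain text with apostrophes, and author-written markup.
$samples = [
    ['text', "It's Marcel's first post"],
    ['html', '<img src="test"> <a href="page.php?x=1">it\'s a link</a>'],
];

// Input side: placeholders send the value separately from the SQL text,
// so no addslashes()/mysql_real_escape_string() call is needed or wanted.
$insert = $pdo->prepare('INSERT INTO content (kind, body) VALUES (:kind, :body)');
foreach ($samples as [$kind, $body]) {
    $insert->execute([':kind' => $kind, ':body' => $body]);
}

// The stored value is byte-identical to the input: no backslashes appear
// before quotes, and nothing has to be stripped again on the way out.
$rows = $pdo->query('SELECT kind, body FROM content ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $i => $row) {
    if ($row['body'] !== $samples[$i][1]) {
        throw new RuntimeException('stored value differs from input');
    }
}

// Output side: escaping is decided where the value is echoed, not at insert.
function render(array $row): string
{
    if ($row['kind'] === 'html') {
        // Raw output only for markup written by the site author (assumption);
        // visitor-supplied text must never take this branch.
        return $row['body'];
    }
    // Untrusted text: shown literally, never interpreted as HTML.
    return htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($rows as $row) {
    echo render($row), PHP_EOL;
}
```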