Jump to content

Escaping data prior to mysql

graham23s

By graham23s
in PHP Coding Help

Recommended Posts

graham23s Advanced Member

graham23s

Posted
Posted

Hi Guys,

 

i was wondering if anyone could tell me the best way to do this, i am doing a very basic blog, and when the user types in the blog post, the data is stripped of any problemtic ' or " and displays each break on a new line.

 

any advice/help would be great

 

cheers

 

Graham

Link to comment
https://forums.phpfreaks.com/topic/107338-escaping-data-prior-to-mysql/
Share on other sites
ILYAS415 Member

ILYAS415

Posted
Posted

Okay theres 2 things you can do....

 

 

1). Convert the characters into friendly characters ;D like in Pokemon ???

$string= htmlentities($_POST['nameofinputortextarea']);

 

2). Use this...

$string= str_replace("\"", "", $_POST['something']);
$string= stripslashes($string);
//then repeat for ' character

 

I would recommend the first one as its shorter and easier and hassle free.

graham23s Advanced Member

graham23s

Posted
  • Author
Posted

Hi Guys,

 

yeah i originally used:

 

$string_to_clean = clean_junk($_POST['nameofinput'], 1);

 

function:

 

function clean_junk($string, $nlbr = false) 
{ 
   if (get_magic_quotes_gpc()) {    
        $string = stripslashes($string);
   }         
   if ($nlbr) {
        $string = nl2br($string);    
   }           
   return mysql_real_escape_string($string);   
}

 

just curious as to whether there was an easier way to code it, this works mind you but always looking for new ways of doing things :)

 

cheers

 

Graham

 

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.