Natefons Posted July 27, 2008 Share Posted July 27, 2008 well i wanted to do a simple "news management" and a task i wanted to come up was a way to be mysql safe from injections (using mysql_real_escape_string) the only problem with that is, some times it gets "good" characters as well. for example a simple <a href=URL> will be converted to a "mysql safe" string. what i need to find out is, how to do both. is it possible? Quote Link to comment Share on other sites More sharing options...
toivo Posted July 27, 2008 Share Posted July 27, 2008 You only need to sanitize input fields. If you are planning to accept special characters like <a href= and so on, you should perhaps rethink the design of your system. Quote Link to comment Share on other sites More sharing options...
Natefons Posted July 27, 2008 Author Share Posted July 27, 2008 well, im just learning PHP...and perhaps this isn't the best task to undertake for a beginner. but how would this be done? Quote Link to comment Share on other sites More sharing options...
trq Posted July 27, 2008 Share Posted July 27, 2008 mysql_real_escape_string shouldn't have any affect on html. Quote Link to comment Share on other sites More sharing options...
unkwntech Posted July 27, 2008 Share Posted July 27, 2008 Why don't you provide some examples of what is not working correctly. Is <a href=URL> being printed as \<a href\=URL\> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.