thecard Posted November 24, 2008 Share Posted November 24, 2008 Is it actually essential to stop users entering characters such as < or > or ' into a mysql database? I know it can be dangerous. But can't you just use prepared statements or something ???? Because it would be useful if I could store all characters in my database. Thanks for any help, thecard Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/ Share on other sites More sharing options...
Mchl Posted November 24, 2008 Share Posted November 24, 2008 You can store them. You just need to properly escape them. Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/#findComment-698001 Share on other sites More sharing options...
thecard Posted November 24, 2008 Author Share Posted November 24, 2008 How do I do that? Just mysql_real_escape_string(,); ? Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/#findComment-698002 Share on other sites More sharing options...
Mchl Posted November 24, 2008 Share Posted November 24, 2008 Yes. And in fact <> are not dangerous for mysql. You should be careful with them however, because users might include html tags such as < script> or < iframe> that could load malicious content on your page. Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/#findComment-698008 Share on other sites More sharing options...
thecard Posted November 24, 2008 Author Share Posted November 24, 2008 But will the mysql_real_escape_string(,); take out the <> anyway? Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/#findComment-698012 Share on other sites More sharing options...
Mchl Posted November 24, 2008 Share Posted November 24, 2008 No. Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/#findComment-698023 Share on other sites More sharing options...
revraz Posted November 24, 2008 Share Posted November 24, 2008 Use it then look at the data in the DB aftewards. But will the mysql_real_escape_string(,); take out the <> anyway? Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/#findComment-698028 Share on other sites More sharing options...
thecard Posted November 24, 2008 Author Share Posted November 24, 2008 Yeah thanks. That was a bit too lazy of me. *solved*. Link to comment https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/#findComment-698031 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.