[SOLVED] Storing information: urls and emails in a database.

thecard · November 24, 2008

Is it actually essential to stop users entering characters such as < or > or ' into a mysql database? I know it can be dangerous. But can't you just use prepared statements or something ???? Because it would be useful if I could store all characters in my database.

Thanks for any help,

thecard

Mchl · November 24, 2008

You can store them. You just need to properly escape them.

thecard · November 24, 2008

How do I do that? Just mysql_real_escape_string(,); ?

Mchl · November 24, 2008

Yes. And in fact <> are not dangerous for mysql. You should be careful with them however, because users might include html tags such as < script> or < iframe> that could load malicious content on your page.

thecard · November 24, 2008

But will the mysql_real_escape_string(,); take out the <> anyway?

Mchl · November 24, 2008

No.

revraz · November 24, 2008

Use it then look at the data in the DB aftewards.

But will the mysql_real_escape_string(,); take out the <> anyway?

thecard · November 24, 2008

Yeah thanks.

That was a bit too lazy of me.

*solved*.

Sign In

[SOLVED] Storing information: urls and emails in a database.

Recommended Posts

thecard

Link to comment

Share on other sites

Mchl

Link to comment

Share on other sites

thecard

Link to comment

Share on other sites

Mchl

Link to comment

Share on other sites

thecard

Link to comment

Share on other sites

Mchl

Link to comment

Share on other sites

revraz

Link to comment

Share on other sites

thecard

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information