thecard Posted November 24, 2008

Is it actually essential to stop users entering characters such as < or > or ' into a mysql database? I know it can be dangerous. But can't you just use prepared statements or something????

Because it would be useful if I could store all characters in my database.

Thanks for any help, thecard

https://forums.phpfreaks.com/topic/134090-solved-storing-information-urls-and-emails-in-a-database/

Mchl Posted November 24, 2008

You can store them. You just need to properly escape them.

thecard Posted November 24, 2008 (Author)

How do I do that? Just mysql_real_escape_string(,); ?

Mchl Posted November 24, 2008

Yes. And in fact <> are not dangerous for mysql. You should be careful with them however, because users might include html tags such as <script> or <iframe> that could load malicious content on your page.

thecard Posted November 24, 2008 (Author)

But will the mysql_real_escape_string(,); take out the <> anyway?

Mchl Posted November 24, 2008

No.

revraz Posted November 24, 2008

> But will the mysql_real_escape_string(,); take out the <> anyway?

Use it then look at the data in the DB afterwards.

thecard Posted November 24, 2008 (Author)

Yeah thanks. That was a bit too lazy of me. *solved*.
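
Added example, not part of the original thread: the two separate controls discussed above, shown with PDO prepared statements (the option the first post asks about) for storage and `htmlspecialchars()` for display. The table, column names and input values are hypothetical and constructed for illustration; an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for MySQL so the script runs without a server.

```php
<?php
// Added example. Table/column names are hypothetical; the input is constructed.
// SQLite in memory stands in for MySQL; with MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY,
    author_email TEXT,
    body TEXT
)');

// Constructed input containing the characters the thread asks about.
$email = "o'brien@example.com";
$body  = "It's <b>bold</b> <script>alert(1)</script> & done";

// 1. Storage: bound parameters keep the data out of the SQL text, so quotes
//    and angle brackets need no escaping and nothing has to be rejected.
$stmt = $pdo->prepare(
    'INSERT INTO comments (author_email, body) VALUES (:email, :body)'
);
$stmt->execute([':email' => $email, ':body' => $body]);

// 2. The row comes back exactly as submitted: the database layer neither
//    strips nor alters <, > or '. The markup is still in the stored value.
$row = $pdo->query('SELECT author_email, body FROM comments WHERE id = 1')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row['body'] === $body);

// 3. Output: encode for the HTML context at display time. This is the step
//    that stops stored tags from being interpreted by the browser.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo '<p>', h($row['body']), '</p>', PHP_EOL;
echo '<a href="mailto:', h($row['author_email']), '">',
     h($row['author_email']), '</a>', PHP_EOL;
```

`mysql_real_escape_string()` belongs to the old `mysql_*` extension, which was removed in PHP 7; bound parameters via PDO or mysqli replace it for the storage step.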