lpxxfaintxx Posted January 28, 2009

So I created a simple function that strips all posted data of potentially malicious data, but I realized a big flaw. All the apostrophes were stripped, resulting in awkward-looking text when saved. Is there any better way of doing this? How would I output it?

```php
function form($data)
{
    global $db_connect;
    $data = ereg_replace("[\'\")(;|`,<>]", "", $data);
    $data = mysql_real_escape_string(trim($data), $db_connect);
    return stripslashes($data);
}
```

GingerRobot Posted January 28, 2009

If magic_quotes are turned off, just use mysql_real_escape_string() - there's no need to do anything further. If magic_quotes are turned on, you'll want to stripslashes() first.
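
The following is an added example, not code from either poster. The `mysql_*` functions and `ereg_replace()` used in this thread were removed in PHP 7.0 (and magic_quotes in 5.4), so it swaps in PDO prepared statements to show apostrophes surviving storage intact, and answers the output question by escaping for HTML only at display time. It assumes the `pdo_sqlite` extension is available; the table and function names are hypothetical and the inputs are constructed.

```php
<?php
// Added example: constructed input, in-memory SQLite so it runs offline.
// Table and function names (comments, save_comment, ...) are hypothetical.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

// Store the text exactly as typed. The placeholder keeps data out of the
// SQL text, so no characters need to be stripped or escaped by hand.
function save_comment(PDO $pdo, string $body): int {
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => trim($body)]);
    return (int) $pdo->lastInsertId();
}

function load_comment(PDO $pdo, int $id): string {
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Escape for the output context (HTML here) at display time, not at save time.
function render_comment(string $body): string {
    return htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
}

$pdo = open_db();

// Constructed sample inputs: ordinary apostrophes, and SQL/HTML metacharacters.
$samples = [
    "It's O'Brien's turn",
    "x'); DROP TABLE comments; --",
    "<b>bold</b> & \"quoted\"",
];

foreach ($samples as $input) {
    $id     = save_comment($pdo, $input);
    $stored = load_comment($pdo, $id);
    // Compare what came back from the database with what was submitted.
    var_dump($stored === $input);
    echo render_comment($stored), PHP_EOL;
}

// Row count after the inserts, to confirm the table is intact.
echo $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), PHP_EOL;
```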