lpxxfaintxx Posted January 28, 2009

So I created a simple function that strips all posted data from potential malicious data, but I realized a big flaw. All the apostrophes were stripped, resulting in awkward looking text when saved. Is there any better way of doing this? How would I output it?

    function form($data) {
        global $db_connect;
        $data = ereg_replace("[\'\")(;|`,<>]", "", $data);
        $data = mysql_real_escape_string(trim($data), $db_connect);
        return stripslashes($data);
    }

GingerRobot Posted January 28, 2009

If magic_quotes are turned off, just use mysql_real_escape_string() - there's no need to do anything further. If magic_quotes are turned on, you'll want to stripslashes() first.
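
The ordering described in the reply above, as an added example that is not part of the original thread: it shows what ends up stored when input is escaped with and without first undoing magic quotes. Assumptions: addslashes() stands in for mysql_real_escape_string() so the script runs without a database link, the $magicQuotesOn flag replaces a get_magic_quotes_gpc() call, and all function names are hypothetical.

```php
<?php
// Added example, not code from the thread. addslashes() is only a stand-in
// for mysql_real_escape_string() so this runs without a database link; do not
// make that substitution in real code. All function names are hypothetical.

// magic_quotes_gpc ran addslashes() over request data before the script saw it.
function simulate_request($raw, $magicQuotesOn)
{
    return $magicQuotesOn ? addslashes($raw) : $raw;
}

// Stand-in for mysql_real_escape_string($value, $db_connect).
function escape_for_query($value)
{
    return addslashes($value);
}

// Order from the reply: undo magic quotes first, then escape exactly once.
function prepare($input, $magicQuotesOn)
{
    if ($magicQuotesOn) {
        $input = stripslashes($input);
    }
    return escape_for_query(trim($input));
}

// What the server keeps after parsing the quoted literal (also a stand-in).
function stored_value($escaped)
{
    return stripslashes($escaped);
}

$raw = "Tim O'Reilly"; // constructed sample input

foreach (array(false, true) as $magicQuotesOn) {
    $input = simulate_request($raw, $magicQuotesOn);

    $good = prepare($input, $magicQuotesOn);
    $bad  = escape_for_query(trim($input)); // escapes without checking magic quotes

    printf("magic_quotes=%s\n", $magicQuotesOn ? 'on' : 'off');
    printf("  reply's order: literal %s | stored %s\n", $good, stored_value($good));
    printf("  escape only  : literal %s | stored %s\n", $bad, stored_value($bad));
}
```

With magic quotes on, the escape-only path stores a backslash in front of the apostrophe, while the reply's order stores the original text under both settings.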