davidsakh
Posted February 13, 2009

I'm trying to break my database. I was able to successfully insert:

blah? "lol" 'wee''

into the database, so I think I'm cleaning the strings properly, but when I print it out for the user inside of an input field, 'wee' isn't displayed, because the slashes aren't added. In the source, I see:

value='blah? "lol" 'wee'' />

So, I addslashes(), and this works, but the user sees slashes around "lol" when I don't want her to.

Any help would be greatly appreciated. Security is not my strong point. :-\

kenrbnsn
Posted February 13, 2009

When displaying data that contain quotes you need to use the function htmlentities with the ENT_QUOTES option:

<?php
$str = 'blah? "lol" ' . "'wee'";
echo '<input type="text" value="' . htmlentities($str,ENT_QUOTES) . '">';
?>

Ken

davidsakh (Author)
Posted February 13, 2009

> When displaying data that contain quotes you need to use the function htmlentities with the ENT_QUOTES option:
>
> <?php
> $str = 'blah? "lol" ' . "'wee'";
> echo '<input type="text" value="' . htmlentities($str,ENT_QUOTES) . '">';
> ?>
>
> Ken

Prompt and dead-on. It works. I apologize for my stupidity. Thanks.
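
As an added example (not part of the thread): the value is stored unmodified through a bound PDO parameter and encoded with htmlentities() only at the moment it is written into the value attribute. The comments table, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table and function names are
// hypothetical. Needs the pdo_sqlite extension; the database lives in memory.

// Store the text exactly as typed. A bound parameter needs no addslashes().
function save_comment(PDO $db, string $text): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Encode for the HTML attribute context, and only at output time.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

function input_field(string $name, string $value): string
{
    return '<input type="text" name="' . h($name) . '" value="' . h($value) . '">';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input, modelled on the string in the question.
$typed = 'blah? "lol" ' . "'wee'";

$id     = save_comment($db, $typed);
$stored = load_comment($db, $id);

// Compare what came back from the database with what was typed.
var_dump($stored === $typed);

// Field as it should be emitted: quotes become entities, no backslashes.
echo input_field('comment', $stored), "\n";

// For contrast, the addslashes() variant from the question. HTML does not
// treat a backslash as an escape, so the backslashes appear as literal text.
echo "<input type='text' value='" . addslashes($stored) . "' />\n";
```

Run it with the PHP command-line interpreter and compare the two input lines it prints.
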
This topic is now archived and is closed to further replies.