Jump to content

special characters

kev wood

By kev wood
in PHP Coding Help

 Share

Recommended Posts

kev wood Regular Member

kev wood

Posted
Posted

i am storing data into a mysql db but this data can have special html characters inside the text which is then being turned into symbols when they are pulled back out of the db to be viewed again.

 

i know to fix this problem you can use addslashes() and stripslashers() but i am a little unsure of how to use the first part of this.

 

the reason i am unsure is that i have a few different pieces of information being entered into the db which are posted to the page.  i have read that $_POST and $_GET data already have the addslashes() function applied to them.  so if i wanted to to perform the addslashes() when it ws going into the db would i do it as it is posted like the following

 

addslashes($option1) = $_POST['radio'];

 

or do it after the data has been posted but before the data is entered into the db

 

addslashes($option1);

 

or do it as it is entered into the db

 

VALUES ('addslashes($a)',

 

or can more than one of these options be used.

Link to comment
Share on other sites
Mchl Regular Member

Mchl

Posted
Posted

i have read that $_POST and $_GET data already have the addslashes() function applied to them. 

 

This is no longer valid. This behaviour depends on setting called magic_quotes. It is disabled by default in current versions of PHP. You should not use it if you can.

 

See here for more information

 

http://www.php.net/magic_quotes

Link to comment
Share on other sites
kev wood Regular Member

kev wood

Posted
  • Author
Posted

would this line of code do i want then

 

$option1 = mysql_real_escape_string ($_POST['radio']);

 

also if mysql_real_escape_string() is used do you not have to anything to the data once you are extracting it back out of the db or is this function only use when extracting the information from the db.

Link to comment
Share on other sites
Mchl Regular Member

Mchl

Posted
Posted

Yes. That would work fine. And no, you don't have to do anything when retrieving data from database. Remember to use mysql_real_escape string, on every variable that comes from user and goes into query. Even when selecting data

 

For example:

<?php
$varEscaped = mysql_real_escape_string($_POST['var']);
$sql = "SELECT * FROM table WHERE var = $escapedVar";

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.