Garrett Posted October 18, 2009 Share Posted October 18, 2009 On my website users can input data into a textarea and it will store it in the mysql database. But, I am unsure on how to prevent against mysql injections without using mysql_real_escape_string since I need to be able to display " " and / if the user enters it. Basically similar to how a forum post displays text data is what I need to do. Link to comment https://forums.phpfreaks.com/topic/178135-solved-using-mysql_real_escape_string-for-displayed-content/ Share on other sites More sharing options...
Daniel0 Posted October 18, 2009 Share Posted October 18, 2009 I don't see what the problem is and why you cannot use mysql_real_escape_string(). That function is designed exactly to do what you want. Link to comment https://forums.phpfreaks.com/topic/178135-solved-using-mysql_real_escape_string-for-displayed-content/#findComment-939220 Share on other sites More sharing options...
Alex Posted October 18, 2009 Share Posted October 18, 2009 You should still preform mysql_real_escape_string() on the text. But when displaying it back preform stripslashes(). Link to comment https://forums.phpfreaks.com/topic/178135-solved-using-mysql_real_escape_string-for-displayed-content/#findComment-939223 Share on other sites More sharing options...
Daniel0 Posted October 18, 2009 Share Posted October 18, 2009 But when displaying it back preform stripslashes(). Or just turn magic quotes off. Link to comment https://forums.phpfreaks.com/topic/178135-solved-using-mysql_real_escape_string-for-displayed-content/#findComment-939226 Share on other sites More sharing options...
Garrett Posted October 18, 2009 Author Share Posted October 18, 2009 Thanks that's exactly what I was looking for. Link to comment https://forums.phpfreaks.com/topic/178135-solved-using-mysql_real_escape_string-for-displayed-content/#findComment-939229 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.