[SOLVED] Using mysql_real_escape_string for displayed content

[Garrett]

On my website users can input data into a textarea and it will store it in the mysql database. But, I am unsure on how to prevent against mysql injections without using mysql_real_escape_string since I need to be able to display " " and / if the user enters it.

 

Basically similar to how a forum post displays text data is what I need to do.

[Daniel0]

I don't see what the problem is and why you cannot use mysql_real_escape_string(). That function is designed exactly to do what you want.

[Alex]

You should still preform mysql_real_escape_string() on the text. But when displaying it back preform stripslashes().

[Daniel0]

But when displaying it back preform stripslashes().

 

Or just turn magic quotes off.

[Garrett]

Thanks that's exactly what I was looking for.