compguru910 Posted April 1, 2010 Share Posted April 1, 2010 Hello, im a php programmer that hasnt programmed in a few years, and I need a refresher. Im putting a WYSIWYG editor on my website, and when I post the html, I know I need to strip the slashes from the content, but I also need to add slashes for the content when it goes to display. I saw that in the PHP manual the magic_quotes has been depricated as of 5.3, so im wondering what is the best way to do this? Thanks in advance for the help. Link to comment https://forums.phpfreaks.com/topic/197257-stripping-slashes/ Share on other sites More sharing options...
the182guy Posted April 1, 2010 Share Posted April 1, 2010 I recommend using MySQLi Prepared Statements for this because it will handle the escaping for you, you don't have to process the input. A good example can be seen here: http://devzone.zend.com/article/686 The only processing you might want to do is checking for <script> tags. Link to comment https://forums.phpfreaks.com/topic/197257-stripping-slashes/#findComment-1035398 Share on other sites More sharing options...
Mchl Posted April 1, 2010 Share Posted April 1, 2010 1. Check if magic quotes are enabled on your server using get_magic_quotes_gpc. If it is, you need to stripslashes from input values, otherwise you DO NOT need it. 2. Then you can go two ways. Either use MySQLi's prepared statements, which arguably give you the best protection against SQL injection, or use mysqli_real_escape_string and type casting to sanitize variables before putting them into your query strings. Link to comment https://forums.phpfreaks.com/topic/197257-stripping-slashes/#findComment-1035514 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.