crocop1 Posted June 11, 2010 Share Posted June 11, 2010 hi im sort of new to the sql thing and i made a function like this to protect from xss and sql injection: function protect_from_xss($s){ $s = htmlentities($s); return $s; } and function protect_from_sql($s){ $s = mysql_real_escape_string($s); return $s; } however, say i have a part of my website where they post comments and sometimes people will use the ' or " in their comment and it will show up as \' or \".. how can i clean it without adding slashes? Link to comment https://forums.phpfreaks.com/topic/204512-protecting-against-sql-injection-without-adding-slashes/ Share on other sites More sharing options...
thomashw Posted June 11, 2010 Share Posted June 11, 2010 Why not just use the original function names instead of using your own? You can try using the stripslashes function when removing it from your database. Link to comment https://forums.phpfreaks.com/topic/204512-protecting-against-sql-injection-without-adding-slashes/#findComment-1070885 Share on other sites More sharing options...
Daniel0 Posted June 11, 2010 Share Posted June 11, 2010 Turn off magic quotes. Link to comment https://forums.phpfreaks.com/topic/204512-protecting-against-sql-injection-without-adding-slashes/#findComment-1070888 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.