crocop1 Posted June 11, 2010

Hi, I'm sort of new to the SQL thing and I made a function like this to protect from XSS and SQL injection:

    // Escapes HTML metacharacters so user input renders as text in the page
    function protect_from_xss($s) {
        $s = htmlentities($s);
        return $s;
    }

and

    // Escapes quotes and backslashes for use inside a MySQL string literal
    function protect_from_sql($s) {
        $s = mysql_real_escape_string($s);
        return $s;
    }

However, say I have a part of my website where they post comments, and sometimes people will use the ' or " in their comment and it will show up as \' or \". How can I clean it without adding slashes?
thomashw Posted June 11, 2010

Why not just use the original function names instead of using your own? You can try using the stripslashes function when removing it from your database.
Daniel0 Posted June 11, 2010

Turn off magic quotes.
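The reason the stored text ends up with backslashes is that the value is escaped more than once (magic quotes on input, then mysql_real_escape_string again) or escaped for SQL before being shown as HTML. The fix is to escape once per context: undo magic quotes if the server still adds them, hand the value to the database through a prepared statement, and encode for HTML only at render time. The following is an added example, not code from the thread; it swaps mysql_real_escape_string for mysqli prepared statements, and the `comments(body)` table and the connection credentials are placeholders.

```php
<?php
// Added example (not from the thread): keep the comment as the user typed it and
// escape once per context. Assumes a MySQL table `comments(body TEXT)` (placeholder).

// 1. Undo magic_quotes_gpc if the server still has it on (PHP < 5.4), so the raw
//    input does not already carry backslashes before any escaping of our own.
function raw_input(string $value): string {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// 2. SQL context: no hand escaping at all. A prepared statement sends the value
//    separately from the query text, so ' and " are stored verbatim and cannot
//    change the meaning of the statement.
function store_comment(mysqli $db, string $body): bool {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $body);
    return $stmt->execute();
}

// 3. HTML context: encode only when rendering. ENT_QUOTES covers both quote
//    characters; the database row itself stays exactly as submitted.
function render_comment(string $body): string {
    return htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
}

// Demonstration with a constructed comment containing both quote characters.
$comment = raw_input("It's a \"test\" <b>comment</b>");
$db = new mysqli('localhost', 'user', 'pass', 'app');   // placeholder credentials
store_comment($db, $comment);
echo render_comment($comment), "\n";
```

Because nothing is stripped on the way out, there is no need for stripslashes when reading comments back; if slashes are already in the database from the old code, clean those rows once rather than stripping on every read.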