Avoiding injection


zero_ZX

Hi,

I'm sure many of you have heard of "pastebin"; if not, the short of it is that you can submit your code (+100 languages), and you can display it to your friends via a link with syntax highlighting available.

So, one way to store the code is surely in txt files, but I would really prefer to have it stored in a MySQL database.

My only concern is people trying to run a SQL injection, so how do I get around all this? I don't want the user's content to be changed, but I don't want SQL injections either... Is this even possible at all? :D

Any tips appreciated, also if you could think of another alternative than txt files and MySQL.


Use mysql_real_escape_string() on any string input being stored in the database. And, you will want to use htmlentities() before displaying to the page - else it could be interpreted as code in the HTML page and either not be rendered, cause display issues, or - worse - cause an XSS attack.

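An added example, not part of the original thread: the mysql_* functions were removed in PHP 7, so this version of the advice above stores the paste through a PDO prepared statement (the content is kept unchanged) and encodes it only when rendering, using htmlspecialchars() in place of htmlentities(). The `pastes` table, the function names and the in-memory SQLite DSN are assumptions made so the demo runs offline; a MySQL DSN is used the same way.

```php
<?php
// Added example, not code from the thread. Table and function names are hypothetical.
// SQLite in memory keeps the demo offline; for MySQL use a DSN such as
// 'mysql:host=localhost;dbname=pastebin;charset=utf8mb4' plus credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also turn off emulated prepares so values are bound server-side:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE pastes (id INTEGER PRIMARY KEY, lang TEXT, body TEXT)');

function save_paste(PDO $pdo, string $lang, string $body): int
{
    // Placeholders keep the paste out of the SQL text entirely, so it is
    // stored byte-for-byte with no escaping applied to the content.
    $stmt = $pdo->prepare('INSERT INTO pastes (lang, body) VALUES (:lang, :body)');
    $stmt->execute([':lang' => $lang, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_paste(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM pastes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

function render_paste(string $body): string
{
    // Encode at output time only, for the HTML context the paste is shown in.
    return '<pre>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed sample paste containing SQL and HTML metacharacters.
$paste = "'); DROP TABLE pastes; -- \n<script>alert(1)</script>";
$id = save_paste($pdo, 'sql', $paste);
$stored = load_paste($pdo, $id);

// The stored copy must be identical to what the user submitted.
if ($stored !== $paste) {
    throw new RuntimeException('paste was altered on the way to the database');
}
echo render_paste($stored), "\n";
```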
