Jump to content

" Does Not Allow Link To Work .. Why ..?

spacepoet

By spacepoet
in PHP Coding Help

 Share

Recommended Posts

spacepoet Advanced Member

spacepoet

Posted
Posted

Hello:

 

I have been replacing all " (quotes) with this: "

 

I was under the impression I should do this when inserting data into a database.

 

This works, but when I select the data and display it like this:

<a href="http://www.website.com">Website</a>

 

The link does not work.

 

Should I be doing it the "standard" way:

<a href="http://www.website.com">Website</a>

???

 

I thought the idea was to remove the " and ' for security reasons .. ??

 

What am I missing .. ??

Link to comment
https://forums.phpfreaks.com/topic/271381-quot-does-not-allow-link-to-work-why/
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

I thought the idea was to remove the " and ' for security reasons .. ??

 

Just what exactly is it you are trying to secure against? If it's to prevent links that are submitted to your script from being click-able links, you succeeded. The link is no longer a problem because it isn't a link any more.

spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

The real question is why would you store html markup in the database?

 

Because the person I am doing this for wants to be able to copy and paste affiliate-like ads and display them on his site .. The code generated comes with markup ...

 

This isn't a public form; it is in an admin area .. but I am trying to make it as safe as possible ..

 

I assume this is not possible (the way I was trying to do it) .. ??

spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Because the person I am doing this for wants to be able to copy and paste affiliate-like ads and display them on his site .. The code generated comes with markup ...

 

This isn't a public form; it is in an admin area .. but I am trying to make it as safe as possible ..

 

I assume this is not possible (the way I was trying to do it) .. ??

 

Is this:

$myData = mysql_real_escape_string($_POST['myData']);

 

secure enough .. ??

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

It isn't working because your changing the data instead of escaping it. Then when you echo the data the quotes are no longer quotes, they're html entities designed to be rendered and displayed by the browser.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.