
POST filtering w/o __escape_string


tsuby


Ok, so I'm trying to add an article (title, content, tags) to my database. Each of those fields is stored in POST.

When I use a ' character in any of those fields, the query fails. (I previously used mysqli_real_escape_string on them)

How should I filter the input in order for everything to be safe and for me to be able to use ' in those fields? 

https://forums.phpfreaks.com/topic/279733-post-filtering-wo-__escape_string/

Yes. The query for the tags is another one, but I don't have any problems with that as I don't need nonalphanumeric characters in the tags. 
 

$ok1 = mysqli_query($connection, "INSERT INTO blog_posts(title, text, date_posted)
		VALUES('$title', '$text', '$datestamp')");
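
The INSERT from the post above written with a mysqli prepared statement, as an added example that is not part of the original thread. The connection details, the `$post` sample array (standing in for `$_POST`) and the DATETIME format used for `date_posted` are assumptions; the table and column names are the ones in the posted query.

```php
<?php
// Added example: host, credentials and database name are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw instead of returning false

function add_post(mysqli $db, string $title, string $text, string $datestamp): int
{
    // The SQL text is fixed; values travel separately, so a ' in the data
    // cannot end a string literal and no escaping function is needed.
    $stmt = $db->prepare(
        'INSERT INTO blog_posts (title, text, date_posted) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $title, $text, $datestamp);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

function find_text_by_title(mysqli $db, string $title): ?string
{
    $stmt = $db->prepare('SELECT text FROM blog_posts WHERE title = ? LIMIT 1');
    $stmt->bind_param('s', $title);
    $stmt->execute();
    $stmt->bind_result($text);
    $found = $stmt->fetch();   // true on a row, null when there is none
    $stmt->close();
    return $found ? $text : null;
}

$db = new mysqli('localhost', 'blog_user', 'change-me', 'blog'); // placeholders
$db->set_charset('utf8mb4');

// Constructed stand-in for $_POST so the script also runs from the CLI.
$post = ['title' => "It's a test", 'content' => "It's <b>here</b>; 'quoted' text"];

$title = trim($post['title'] ?? '');
$text  = trim($post['content'] ?? '');
if ($title === '' || $text === '') {
    exit("title and content are required\n");
}

add_post($db, $title, $text, date('Y-m-d H:i:s')); // assumes a DATETIME column

// The stored value is exactly what was submitted; escape only when rendering HTML.
$stored = find_text_by_title($db, $title);
echo htmlspecialchars((string) $stored, ENT_QUOTES, 'UTF-8'), "\n";
```

The apostrophes reach the database unchanged, and the HTML escaping is applied at output time rather than before storage.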

Archived

This topic is now archived and is closed to further replies.
