Question regarding input text

[brownbrod]

Hi.   Just a quick question.

 

I have the following:

 

<input type="radio" name="q3" value="The Preliminary Reliability Prediction indicates that the Failure Rate Requirement can be achieved, there are no known blocking issues in the Prime’s DFR Dashboard, and the team has a plan to get to “green” on all DFR deliverables in the Prime’s DFR Dashboard

" >

 

When transferring to SQL I receive erros because of the special characters within the VALUE.     I have seen a lot of PHP codes that has a "/" before the ">" .   Example:

 

<input type="radio" name="q3" value="Resources and funding to address all Reliability efforts (e.g. HALT/ALT testing) approved and in place" />

 

What does the "/" do?   Does this allow for special characters? 

 

Is there an easy way to fix this error I receive or should I just remove the "" and () from the value?

 

Thanks.

[dalecosp]

It's typically "\", not "/".  It's called "escaping" the data.  There are even some nice functions for it:

http://php.net/manual/en/mysqli.real-escape-string.php

[cyberRobot]

The forward slash ("/") is used for XHTML markup. Tags which don't have a closing tag (like <input>, <br>, etc.) need to be closed with the self-closing syntax (<input />, <br />, etc.).

[WebStyles]

you can also just try something like addslashes() before inserting into database, and stripslashes() when pulling stuff out.

[cyberRobot]

The following quote is from the manual for addslashes().

 

To escape database parameters, DBMS specific escape function (e.g. mysqli_real_escape_string() for MySQL or pg_escape_literal(), pg_escape_string() for PostgreSQL) should be used for security reasons.