corillo181 Posted July 2, 2007 Share Posted July 2, 2007 when you insert text into mysql wich functions do you use to make sure the text is enter safely.. such functions as htmlspecialchars that changes the html mysql_real_escape_string and others and to retrieve the text. can any one give me some good functions to enter text the way the user enter it in their comment and make sure the text looks the same when it comes out of mysql. Quote Link to comment Share on other sites More sharing options...
corillo181 Posted July 2, 2007 Author Share Posted July 2, 2007 any contribution? Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted July 2, 2007 Share Posted July 2, 2007 Inserting data Definitely use mysql_real_escape_string() on EVERY variable being inserted into the database. If you are allowing the user to insert HTML, use htmlentities() along with the above function. Displaying data If you used mysql_real_escape strings to put it into the DB, use striplashes() to display it. If you used htmlentites() to put it in the db, use html_entity_decode() to display it. Thats about all I know. There may be other things you could do to make it even safer. Quote Link to comment Share on other sites More sharing options...
corillo181 Posted July 2, 2007 Author Share Posted July 2, 2007 thank you. one question about striplashes wont it strip a intetionally inerted slash? example: joy/guns; when dis playing will it effect it? Quote Link to comment Share on other sites More sharing options...
teng84 Posted July 2, 2007 Share Posted July 2, 2007 no it will only affect the \ not the/ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.