inserting text

[corillo181]

when you insert text into mysql wich functions do you use to make sure the text is enter safely.. such functions as

 

htmlspecialchars that changes the html

 

mysql_real_escape_string

 

and others and to retrieve the text.

 

can any one give me some good functions to enter text the way the user enter it in their comment and make sure the text looks the same when it comes out of mysql.

[corillo181]

any contribution?

[pocobueno1388]

Inserting data

• Definitely use mysql_real_escape_string() on EVERY variable being inserted into the database.
  
• If you are allowing the user to insert HTML, use htmlentities() along with the above function.
  

 

Displaying data

• If you used mysql_real_escape strings to put it into the DB, use striplashes() to display it.
  
• If you used htmlentites() to put it in the db, use html_entity_decode() to display it.

 

Thats about all I know. There may be other things you could do to make it even safer.

 

 

[corillo181]

thank you. one question about striplashes wont it strip a intetionally inerted slash?

 

example: joy/guns;

when dis playing will it effect it?

[teng84]

no it will only affect the \ not the/