mcmuney Posted July 25, 2007 Share Posted July 25, 2007 Below is my insert script. The problem I'm facing is that when I input, "<a href="test">TEST</a>" the DB writes "<a href="test">TEST</a>" and I want it to write exactly what I input: $sql_comm="INSERT INTO `sc_postcomment_member` ( `scm_mem_id`, `comment`, `post_date`, `comm_from`) VALUES ('$scm_mem_id', '$txt_comment', UNIX_TIMESTAMP(), '$social_mem_id')"; $res_comm=$db->insert_data($sql_comm); Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 25, 2007 Share Posted July 25, 2007 <?php $str = "A 'quote' is <b>bold</b>"; // Outputs: A 'quote' is <b>bold</b> echo htmlentities($str); // Outputs: A 'quote' is <b>bold</b> echo htmlentities($str, ENT_QUOTES); ?> Quote Link to comment Share on other sites More sharing options...
mcmuney Posted July 25, 2007 Author Share Posted July 25, 2007 It's not about the output, but how it inserts the data. I want the data inserted to be carbon copy as data typed. Quote Link to comment Share on other sites More sharing options...
Aureole Posted July 25, 2007 Share Posted July 25, 2007 strip_tags() perhaps? <?php if( isset( $_POST ) ) { $rawr = strip_tags( $_POST["rawr"] ); // Etc. etc... ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.