I have a form where the user can enter some BBcode to style text but I am really concerned about database security.

 

When I submit a form, I use stripslashes to get rid of the crap before it enters the database but will this affect the BBcode as it has a slash i.e. [/tag]

 

What is the best way so I can insert the BBcode or the converted HTML into my database without compromising my database?

https://forums.phpfreaks.com/topic/67381-bbcode-forms-and-database-security/

Using stripslashes won't affect your BBcode as it strips \. Those / are backslashes. Also, just to let you know, stripping slashes is the reverse of addslashes. To protect against SQL injections you add slashes to special characters like ' or ". When outputting to the user you strip those slashes with stripslashes(). As jesirose said, use mysql_real_escape_string() as it escapes special characters in data which are going to be inserted in MySQL.
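Added example, not part of the original thread: storing raw BBcode safely and escaping it only when it is rendered. It uses a PDO prepared statement in place of the mysql_real_escape_string() call named in the reply (a swapped-in technique), and assumes the pdo_sqlite extension; the `posts` table and `render_bbcode()` function are hypothetical names.

```php
<?php
// Constructed sample input: BBcode with a closing tag, a single quote and raw HTML.
$input = "[b]O'Reilly[/b] and <em>raw HTML</em>";

// stripslashes() removes backslashes only, so the "/" in [/b] is not touched.
// It is not needed before storage: the bound parameter below handles quoting.
$unchanged = (stripslashes($input) === $input);
echo 'BBcode intact after stripslashes(): ', var_export($unchanged, true), "\n";

// In-memory SQLite keeps the demo self-contained (assumption; the thread uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// The value travels separately from the SQL text, so the quote in "O'Reilly"
// cannot change the statement. No addslashes() or manual escaping is applied.
$stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// The database holds the text exactly as the user typed it.
$stored = $db->query('SELECT body FROM posts WHERE id = 1')->fetchColumn();
echo 'Stored verbatim: ', var_export($stored === $input, true), "\n";

/**
 * Hypothetical renderer: HTML-escape first, then expand a small whitelist of
 * BBcode tags. Escaping before conversion means user-supplied markup is shown
 * as text, and only the tags generated here reach the page as HTML.
 */
function render_bbcode(string $raw): string
{
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return preg_replace('#\[(b|i|u)\](.*?)\[/\1\]#s', '<$1>$2</$1>', $safe);
}

echo render_bbcode($stored), "\n";
```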
