AdRock Posted August 31, 2007

I have a form where the user can enter some BBcode to style text, but I am really concerned about database security.

When I submit a form, I use stripslashes to get rid of the crap before it enters the database, but will this affect the BBcode, as it has a slash, i.e. [/tag]?

What is the best way so I can insert the BBcode or the converted HTML into my database without compromising my database?

Jessica Posted August 31, 2007

The slashes it strips are \, not /.

Also, you don't STRIP slashes before entering data into a database. You ADD them using mysql_real_escape_string() in order to protect yourself against SQL injection.

Fadion Posted August 31, 2007

Using stripslashes won't affect your BBcode as it strips \. Those / are backslashes. Also just to let u know, stripping slashes is the reverse of addslashes. To protect against SQL injections u add slashes to special characters like ' or ". When outputting to the user u strip those slashes with stripslashes().

As jesirose said, use mysql_real_escape_string() as it escapes special characters in data which are going to be inserted in MySQL.
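
The question and the advice in this thread, as an added example that is not part of the original posts: it swaps mysql_real_escape_string() (removed in PHP 7) for a PDO bound parameter, stores the raw BBcode unchanged, and converts it to HTML only at output. The in-memory SQLite database (requires the pdo_sqlite extension), the `posts` table, the sample post and the `bbcode_to_html()` helper are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample post: BBcode with a closing tag, quotes, a backslash and raw HTML.
$post = "[b]Bold[/b] and [i]italic[/i]: it's a \"test\" of C:\\temp <u>raw html</u>";

// stripslashes() removes backslashes only, so the "/" in [/b] survives,
// but it silently damages legitimate backslashes in the user's text.
echo "stripslashes: ", stripslashes($post), "\n";

// Hypothetical schema; SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Bound parameter: the value travels as data and is never parsed as SQL,
// so no manual adding or stripping of slashes is needed.
$stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $post]);

$stored = $db->query('SELECT body FROM posts WHERE id = 1')->fetchColumn();
echo "stored intact: ", var_export($stored === $post, true), "\n";

// Hypothetical renderer: escape all HTML first, then expand a small
// allow-list of BBcode tags into markup.
function bbcode_to_html(string $raw): string
{
    $html = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    $map = [
        '#\[b\](.*?)\[/b\]#s' => '<strong>$1</strong>',
        '#\[i\](.*?)\[/i\]#s' => '<em>$1</em>',
    ];
    return preg_replace(array_keys($map), array_values($map), $html);
}

echo "rendered: ", bbcode_to_html($stored), "\n";
```

Storing the raw BBcode keeps the database copy independent of the renderer, and escaping before tag expansion means any HTML a user types is displayed as text rather than interpreted.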