AdRock Posted August 31, 2007

I have a form where the user can enter some BBcode to style text, but I am really concerned about database security. When I submit a form, I use stripslashes to get rid of the crap before it enters the database, but will this affect the BBcode, as it has a slash, i.e. [/tag]? What is the best way so I can insert the BBcode or the converted HTML into my database without compromising my database?

Jessica Posted August 31, 2007

The slashes it strips are \, not /. Also, you don't STRIP slashes before entering data into a database. You ADD them using mysql_real_escape_string() in order to protect yourself against SQL injection.

Fadion Posted August 31, 2007

Using stripslashes won't affect your BBcode as it strips \. Those / are backslashes. Also, just to let u know, stripping slashes is the reverse of addslashes. To protect against SQL injections u add slashes to special characters like ' or ". When outputting to the user u strip those slashes with stripslashes(). As jesirose said, use mysql_real_escape_string() as it escapes special characters in data which are going to be inserted in mysql.

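Added example, not part of any post in this thread: it shows what stripslashes() does to BBCode input and stores the raw BBCode safely. Because the mysql_* functions, including mysql_real_escape_string(), were removed in PHP 7.0, it swaps in a PDO prepared statement against an in-memory SQLite database; the table, column and render_bbcode() names are hypothetical, and the display step goes slightly beyond the thread by encoding the text before converting tags.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with the pdo_sqlite
// extension; the table name, column name and render_bbcode() are hypothetical.

// Constructed sample input: closing tags (/), a single quote and a backslash.
$bbcode = "[b]Don't strip me[/b] [i]C:\\temp[/i]";

// stripslashes() removes backslashes only. The "/" in [/b] survives, but the
// legitimate backslash in the path is silently lost, and nothing is escaped.
$stripped = stripslashes($bbcode);
echo "after stripslashes: $stripped\n";

// Store the raw BBCode through a bound parameter, so the quote is never
// parsed as SQL and no slashes have to be added or removed by hand.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
$insert->execute([':body' => $bbcode]);

$stored = $db->query('SELECT body FROM posts WHERE id = 1')->fetchColumn();
echo 'stored unchanged: ', var_export($stored === $bbcode, true), "\n";

// Convert to HTML only when displaying: encode everything first, then turn
// the allow-listed tags (b, i) into markup.
function render_bbcode(string $raw): string
{
    $html = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return preg_replace('#\[(b|i)\](.*?)\[/\1\]#s', '<$1>$2</$1>', $html);
}

echo render_bbcode($stored), "\n";
```
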
This topic is now archived and is closed to further replies.