forum posts / sql TEXT

[MemphiS]

When ive ste the mysql table row to TEXT does this mean it will only read any saved data in it as text? just asking as i dont wish to have an sql injection leak in my forum posts. Currently i validate most the characters but ones like & , ' " ; i just default it to an error and dont save it in the db.

[darkfreaks]

if your worried about injection attacks then do

 

<?php
$variable= $_POST[variable];
$variable= mysql_escape_real_string($variable);?>

 

 

 

[marcus]

Text is basically any character of your character Unicode.

 

Normal text fields hold up to 65,000 bytes, if it exceeds it will truncate itself.

MEDIUMTEXT holds up to 16 million characters.

LONGTEXT holds up to 4 trillion characters.

[darkfreaks]

mysql_real_escape_string will escape all special characters before inserting to database

[MemphiS]

Thanks...i already have strip_tags(addslashes()) and check the input.. with ctype_alnum()

 

I was simply asking if the sql TEXT will go into the db as straight TEXT so characters like ' " , & || wont cause problems.

 

 

[marcus]

It should go successfully.

[darkfreaks]

your still better off adding mysql_real_escape_string

[redarrow]

mysql_real_escape_string($what_ever)

 

you need to read and try ok.

[darkfreaks]

mysql_real_escape_string is the best way to plug SQL injection leaks.

[marcus]

I think we get the point.