timmy0320 Posted February 26, 2008 Share Posted February 26, 2008 When I use mysql_real_escape_string() on my forms, some of my forms re-input the info if there are errors, so I've researched some SQL injections and have been testing my own stuff. For the textboxes that repost everything will repost as "\\\" but in my 250char Comment/Concern box it saves it to the database in the correct way. What I'm getting at before I start coding the messaging system for the admin is when pulling the information from the database should I also use mysql_real_escape_string when displaying it via PHP. Or will doing that make it display as "\\\" like the textboxes on the forms that repost data do. Link to comment https://forums.phpfreaks.com/topic/93104-quick-real_escape_string-question/ Share on other sites More sharing options...
amites Posted February 26, 2008 Share Posted February 26, 2008 are you using stripslashes to display your results? mysql_real_escape_string does essentially the same things, adds slashes to ignore potentially harmful code, stripslashes will take the commented code and make it appear readable once again Link to comment https://forums.phpfreaks.com/topic/93104-quick-real_escape_string-question/#findComment-477202 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.