timmy0320 Posted February 26, 2008 Share Posted February 26, 2008 When I use mysql_real_escape_string() on my forms, some of my forms re-input the info if there are errors, so I've researched some SQL injections and have been testing my own stuff. For the textboxes that repost everything will repost as "\\\" but in my 250char Comment/Concern box it saves it to the database in the correct way. What I'm getting at before I start coding the messaging system for the admin is when pulling the information from the database should I also use mysql_real_escape_string when displaying it via PHP. Or will doing that make it display as "\\\" like the textboxes on the forms that repost data do. Quote Link to comment Share on other sites More sharing options...
amites Posted February 26, 2008 Share Posted February 26, 2008 are you using stripslashes to display your results? mysql_real_escape_string does essentially the same things, adds slashes to ignore potentially harmful code, stripslashes will take the commented code and make it appear readable once again Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.