| Jeffrey N Dyke 2004-06-30, 3:56 pm |
|
> I'm using php addslashes to store data into MySQL and php stripslashes
when
> pulling it back out, but I'm running into trouble when people enter HTML
> code. Do you have any recommendations?
> Here's an example of what I'm talking about :
> <input name="Title" value="<?php echo stripslashes($Entry["Title"]);?>">
> An error occurs if the entry has a value of:
> this is a <font color="red"><b>test</b></font>. Are we having FUN
yet?
> Any ideas or recommendations?
I guess it depends on what you want to do with that data. if you want the
html to remain you could run htmlspecialchars against the input which would
convert characters based in the list at the top of this
page...http://www.php.net/manual/en/functi...ecialchars.php.
or if you want to get rid of the html use strip_tags()
or if neither work for you...addcslashes maybe good for you. (i'm guesting
this is what you want, as there is also a corresponding stripcslashes() )
hth
jeff
> Thanks,
> -Ed
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
|