FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Form fields to database and back?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Form fields to database and back? [message #174571 is a reply to message #174563] Sat, 18 June 2011 06:35 Go to previous message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
Senior Member
bobmct wrote:

> From field to database I used mysql_real_escape_string.
>
> When I look at the actual data stored in the db field that function
> inserted backslashes before each double quote.
>
> To display the retrieved db field I ran it through htmlspecialchars()
> but the backslashes still remained. I had to use stripslashes to
> remove them.

Then you are doing something wrong. mysql_real_escape_string() – AISB,
prepared statements (PS) with MySQLi or PDO are preferable to that – only
escapes the data for the query, so that SQL code injection is prevented.
It does _not_ change the data to be stored. So when you retrieve the data
you should not need to unescape anything. Perhaps you have used
mysql_real_escape_string() on the retrieved data also, but that is _not_ its
purpose.

> Works for now.

By chance. mysql_real_escape_string() does more than addslashes(), which is
why it is preferable to that. (And PS are preferable to it because they
consider the type automatically, among other advantages.)


PointedEars
--
Use any version of Microsoft Frontpage to create your site.
(This won't prevent people from viewing your source, but no one
will want to steal it.)
-- from <http://www.vortex-webdesign.com/help/hidesource.htm> (404-comp.)
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: free computer ebooks updated daily
Next Topic: IP address and empty $_FILES
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 01:50:12 GMT 2024

Total time taken to generate the page: 0.04362 seconds