stripslashes ( encodings to from MySQL )

Hello,

I use mysql_real_escape_string() to
escape data for db population.

i.e.

...form..
<textarea><?PHP echo stripslashes($dbvar); ?></textarea>

...receiving form input before db update..
$var = mysql_real_escape_string($var);

My question is regarding when wanting to allow HTML
within a database...

Will stripslashes also take out the slashes from something
like this?:
<span style="color:red;">some text</span>


That would effectively negate the ability to use HTML/CSS
in your db. If so, how do you get around this with safe data
entry?

TIA,
Donovan




--
D Brooke

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
dbrooke [ Fri, 28 January 2011 19:39 ] [ ID #2054025 ]

Re: stripslashes ( encodings to from MySQL )

Sorry, should have done some simple testing!.. It
appears that stripslashes is smarter than simply stripping
all "/".

So, my apologies for interrupting the class! ;-)

Donovan



--
D Brooke

dbrooke [ Fri, 28 January 2011 19:51 ] [ ID #2054026 ]

RE: stripslashes ( encodings to from MySQL )

Hi Donovan,

One of the things that I found really helpful was to use PDO for the
database connections. Whilst it's a little different than using the
mysql_query() functions, the way that it escapes strings in and out of
the database automatically turned into a real godsend. There's a little
tutorial and guide at
http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html which shows
you how it all works and was quite helpful for me.

Andrew

-----Original Message-----
From: Donovan Brooke [mailto:lists [at] euca.us]
Sent: 28 January 2011 18:40
To: php-db [at] lists.php.net
Subject: stripslashes ( encodings to from MySQL )

Hello,

I use mysql_real_escape_string() to
escape data for db population.

i.e.

...form..
<textarea><?PHP echo stripslashes($dbvar); ?></textarea>

...receiving form input before db update..
$var = mysql_real_escape_string($var);

My question is regarding when wanting to allow HTML
within a database...

Will stripslashes also take out the slashes from something
like this?:
<span style="color:red;">some text</span>


That would effectively negate the ability to use HTML/CSS
in your db. If so, how do you get around this with safe data
entry?

TIA,
Donovan




--
D Brooke

Andrew Holt [ Mon, 31 January 2011 10:39 ] [ ID #2054248 ]
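
The round trip discussed in this thread, as an added example that is not part of any poster's message: HTML stored through a PDO prepared statement comes back unchanged, so nothing needs stripping on read, and the value is HTML-encoded only when it is written into the edit form. Assumptions: an in-memory SQLite database through PDO (the pdo_sqlite extension) in place of MySQL, `addslashes()` standing in for `mysql_real_escape_string()`, and a constructed `notes` table, `check()` helper and sample strings.

```php
<?php
// Added example; the table, helper and sample values are constructed.
// Assumes the pdo_sqlite extension so it runs without a MySQL server.

function check(bool $ok, string $what): void {
    if (!$ok) { throw new RuntimeException("failed: $what"); }
    echo "ok: $what\n";
}

$html = '<span style="color:red;">Donovan\'s "red" text</span>';

// stripslashes() removes backslashes (\) only; the forward slash in
// </span> is not touched.
check(stripslashes('</span>') === '</span>', 'forward slashes survive');

// addslashes() stands in for SQL-literal escaping: it puts a backslash in
// front of quotes, and stripslashes() is its inverse.
check(stripslashes(addslashes($html)) === $html, 'escape/unescape round trip');

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Prepared statement: the value is bound as data, with no manual escaping.
$ins = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$ins->execute([':body' => $html]);

$stored = $pdo->query('SELECT body FROM notes')->fetchColumn();

// What comes back is byte-for-byte what went in: nothing to strip.
check($stored === $html, 'stored value has no added backslashes');

// stripslashes() on read would damage data that legitimately contains "\".
$path = 'C:\\temp\\new';
check(stripslashes($path) !== $path, 'stripslashes alters clean data');

// Output escaping is a separate step chosen by context. Inside a
// <textarea> the markup must be shown as text, so encode it for HTML.
$field = '<textarea>'
       . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
       . '</textarea>';
check(strpos($field, '&lt;span') !== false, 'markup encoded for the form');
echo $field, "\n";
```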