yoursanjay Posted February 22, 2010

I have been facing a problem with data input through a text editor (the same problem with most open-source text editors). I have to insert content into a MySQL database, and the content has its output in HTML format. I use both htmlspecialchars() and mysql_real_escape_string() to provide security at the time of data input. I have seen that if there is "", or ' in the content, the content can't be inserted; otherwise it is OK. The same code sometimes works perfectly on a different server.

I generally use something like

$x = htmlspecialchars($_REQUEST['content']);
or
$x = mysql_real_escape_string($_REQUEST['content']);
or
$x = htmlspecialchars(mysql_real_escape_string($_REQUEST['content']));

My question: is the problem server related, since sometimes I didn't get any error on some servers and never on localhost?

When I get the output in HTML format, I always find some junk data like 'rn', and every time it cannot render the ' & " signs. In the HTML I always find some others like <br>, the URL or link always changes, and there are some % signs also.

Please help.

student101 Posted February 24, 2010

htmlspecialchars — Convert special characters to HTML entities
'&' (ampersand) becomes '&amp;' and so on...
I haven't ever used the one above.

mysql_real_escape_string - Escapes special characters in a string for use in a SQL statement
mysql_real_escape_string or mysql_escape_string depending on PHP version.

Oh wait, magic_quotes might be enabled on your server.
TRY: stripslashes($_REQUEST['content']);

Synook Posted February 25, 2010

If magic quotes are enabled, the best option is to disable them - http://www.php.net/manual/en/security.magi...s.disabling.php. Note that htmlspecialchars() doesn't protect against SQL injection, it protects against XSS.
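
The separation discussed in the replies above (undo magic quotes once, let the database layer handle SQL quoting, apply htmlspecialchars() only at output) as an added example that is not part of any post in this thread. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, magic quotes are simulated with addslashes(), and the posts table and function names are hypothetical.

```php
<?php
// Added example. Assumptions: in-memory SQLite via PDO stands in for MySQL;
// the posts table and all function names are hypothetical.

function undo_magic_quotes(string $value, bool $magicQuotesOn): string
{
    // With magic quotes on, PHP has already run addslashes() on request data.
    return $magicQuotesOn ? stripslashes($value) : $value;
}

function save_content(PDO $db, string $content): int
{
    // Bound parameter: the driver handles quoting, so no manual SQL escaping
    // and no htmlspecialchars() before storage.
    $stmt = $db->prepare('INSERT INTO posts (content) VALUES (:content)');
    $stmt->execute([':content' => $content]);
    return (int) $db->lastInsertId();
}

function load_content(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT content FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, content TEXT)');

// Constructed sample input: both quote types, markup and a CRLF line break.
$raw = "<p>It's a \"test\"</p>\r\n<a href=\"page.php?a=1&b=2\">link</a>";
$fromRequest = addslashes($raw); // what a magic-quotes server hands to the script

// Slashes left in place: the row is stored with stray backslashes.
$bad = load_content($db, save_content($db, $fromRequest));
// Slashes removed once, then bound: the row matches the input byte for byte.
$good = load_content($db, save_content($db, undo_magic_quotes($fromRequest, true)));

var_dump($bad === $raw);
var_dump($good === $raw);

// XSS defence belongs at output time, when the value is shown as text.
echo htmlspecialchars($good, ENT_QUOTES, 'UTF-8'), "\n";
```

The first comparison shows the stored row differing from the input when the added slashes are left in; the second shows the round trip preserved once they are removed and the value is bound rather than escaped by hand.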
This topic is now archived and is closed to further replies.