Jump to content

Junk Data Found After Data Input Through Editor


yoursanjay
 Share

Recommended Posts

I have been facing a problem with data input through text editor (same problem for maximum opensource text editor)I have to insert content into mysql database and the content has the output in the HTMl format. I use both of the htmlspecialchars() and mysql_real_escape_string expression to provide security at the time of Data input.I have seen that if there is "", or ' in the content, the content can't be inserted otherwise it is ok. The same code some times go perfectly in the differerent server.I generally use like

$x = htmlspecialchars($_REQUEST['content']);
or
$x = mysql_real_escape_string($_REQUEST['content']);
or
$x = htmlspecialchars(mysql_real_escape_string($_REQUEST['content']));
My question: is the problem for server related while some times I didn't get any error in some servers and never in localhost.When I get the output in the HTML format, there I always find some junk data like 'rn' and every time can not render ' & " sign. In the HTMl I always find some others like <br>, the URL or link changes always and some % sign also.Please Help. Edited by bluebel
Link to comment
Share on other sites

htmlspecialchars — Convert special characters to HTML entities'&' (ampersand) becomes '&' and so on...I haven't ever used the one above.mysql_real_escape_string - Escapes special characters in a string for use in a SQL statementmysql_real_escape_string or mysql_escape_string depending on PHP version.Oh wait magic_quotes might be enabled on your server;TRY:

stripslashes($_REQUEST['content']);

Edited by student101
Link to comment
Share on other sites

If magic quotes are enabled, the best option is to disable them - http://www.php.net/manual/en/security.magi...s.disabling.php. Note that htmlspecialchars() doesn't protect against SQL injection, it protects against XSS.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...