stripslashes ( encodings to from MySQL )

am 28.01.2011 19:39:31 von dbrooke

Hello,

I use mysql_real_escape_string() to
escape data for db population.

ie.

...form..
<?PHP stripslashes($dbvar); ?>

...recieving form input before db update..
$var =mysql_real_escape_string($var);

My question is regarding when wanting to allow HTML
within a database...

Will stripslashes also take out the slashes from something
like this?:
some text

That would effectively negated the ability to use HTML/CSS
in your db. If so, how do you get around this with safe data
entry?

TIA,
Donovan

--
D Brooke

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: stripslashes ( encodings to from MySQL )

am 28.01.2011 19:51:25 von dbrooke

Sorry, should have done some simple testing!.. It
appears that stripslashes is smarter than simply stripping
all "/".

So, my apologies for interrupting the class! ;-)

Donovan

--
D Brooke

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: stripslashes ( encodings to from MySQL )

am 31.01.2011 10:39:27 von Andrew Holt

Hi Donovan,

One of the things that I found really helpful was to use PDO for the databa=
se connections. Whilst it's a little different than using the mysql_query =
() functions, the way that it escapes strings in and out of the database au=
tomatically turned into a real godsend. There's a little tutorial and guid=
e at http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html which show=
s you how it all works and was quite helpful for me.

Andrew

-----Original Message-----
From: Donovan Brooke [mailto:lists@euca.us]=20
Sent: 28 January 2011 18:40
To: php-db@lists.php.net
Subject: stripslashes ( encodings to from MySQL )

Hello,

I use mysql_real_escape_string() to
escape data for db population.

ie.

...form..
<?PHP stripslashes($dbvar); ?>

...recieving form input before db update..
$var =3Dmysql_real_escape_string($var);

My question is regarding when wanting to allow HTML
within a database...

Will stripslashes also take out the slashes from something
like this?:
some text

That would effectively negated the ability to use HTML/CSS
in your db. If so, how do you get around this with safe data
entry?

TIA,
Donovan

--=20
D Brooke

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php