See the htmlentities function in the manual:

http://ca3.php.net/manual/en/function.htmlentities.php

bastien

From: "Todd Trent" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [PHP-DB] validate/sanitize data
Date: Wed, 17 Nov 2004 15:06:55 -0500

I need to add textarea input into a mysql database. The input can be
anything you would find in normal paragraph text -
[:alnum:][:punct:][:space:]. In this case it is likely that the input could
also include special accent characters (grave, acute, tilde, etc. - ex. ).
Is addslashes enough to reduce security/sql error issues (provided
!get_magic_quotes_gpc())? Or should I try to strip or test for "-- = < >".
This input, due to its size, is obviously not going to be used in a WHERE
clause.

 
 Todd Trent
 VP

                    Hogfish Design
             2550 26th Street West
               Bradenton, FL 34205

                 Tel: 941-749-0144
        url: www.hogfishdesign.com
 

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
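
Added example, not part of either message above: one way to handle the two steps this thread touches on, storing free-form textarea text and then displaying it with htmlentities. It uses a bound PDO parameter in place of addslashes, which is a swapped-in technique the thread does not mention. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the table name, column name and sample input are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption); with MySQL
// the DSN would name the server and set charset=utf8mb4 so accents survive.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table for the textarea content.
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed input: quotes, "--", "=", "<", ">" and accented letters,
// i.e. the characters the question asks about stripping.
$input = "L'été à Bradenton -- \"a = b\" <b>señor</b>";

// Validate the encoding rather than removing punctuation: reject anything
// that is not well-formed UTF-8 (the /u modifier fails on invalid bytes).
if (preg_match('//u', $input) !== 1) {
    throw new InvalidArgumentException('input is not valid UTF-8');
}

// Storage: the value travels as a bound parameter, so it is never parsed as
// SQL and needs no addslashes() or magic-quotes handling.
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

// Read it back and confirm nothing was altered or doubled on the way in.
$stored = $pdo->query('SELECT body FROM comments ORDER BY id DESC LIMIT 1')
              ->fetchColumn();
if ($stored !== $input) {
    throw new RuntimeException('stored text differs from submitted text');
}

// Display: escape for HTML only at output time, with an explicit charset,
// so markup in the text is shown as text and accents are preserved.
$safeHtml = htmlentities($stored, ENT_QUOTES, 'UTF-8');

echo "stored:  ", $stored, "\n";
echo "display: ", $safeHtml, "\n";
```

Keeping the stored copy unescaped means the same row can later be rendered for HTML, plain-text e-mail or an export, each with its own output escaping.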

