Hi Donovan,

One of the things that I found really helpful was to use PDO for the database 
connections.  Whilst it's a little different than using the mysql_query () 
functions, the way that it escapes strings in and out of the database 
automatically turned into a real godsend.  There's a little tutorial and guide 
at http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html which shows you 
how it all works and was quite helpful for me.


-----Original Message-----
From: Donovan Brooke [mailto:li...@euca.us] 
Sent: 28 January 2011 18:40
To: php-db@lists.php.net
Subject: stripslashes ( encodings to from MySQL )


I use mysql_real_escape_string() to
escape data for db population.


<textarea><?PHP stripslashes($dbvar); ?></textarea>

..recieving form input before db update..
$var =mysql_real_escape_string($var);

My question is regarding when wanting to allow HTML
within a database...

Will stripslashes also take out the slashes from something
like this?:
<span style="color:red;">some text</span>

That would effectively negated the ability to use HTML/CSS
in your db. If so, how do you get around this with safe data


D Brooke

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to