2012/5/2 Federico Ulfo <rainelemen...@gmail.com>:
> All you want to escape for MySQL is ' and \.
> In JavaScript you also have to consider the double quote " and the new line \n,
> which is equivalent to using a semicolon ;
> In HTML you also want to be secure from XSS, so you want to use
> htmlspecialchars (as Rob said).
>
> Anyway, I'm not sure I understood your problem, so I strongly recommend
> deactivating GPC, which you can do from php.ini, or by stripslashing the input
> variables:
> http://php.net/manual/en/security.magicquotes.disabling.php
>
> Instead, if your content is already escaped and your problem is to
> un-escape, try to understand how it is escaped, then str_replace or
> preg_replace will do the job!

Yes, that's one point, it's not always clear what the escape functions did (unless you don't want to look inside the PHP source code) :)

------------------
Eugenio Tacchini
dadabik.org
DaDaBIK database front-end
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show-participation