Mysql_real_escape_string question!
Moderator: General Moderators
Question:
On the site I allow people to make posts, and when they are editing their posts in their member pages, I use a WYSIWYG editor ("RTE: Rich text editor").
With the webapp came the following function for inputting the formatted text into a database safely:
Should I keep this function? Does it do the same thing as mysql_real_escape_string()?
On the site I allow people to make posts, and when they are editing their posts in their member pages, I use a WYSIWYG editor ("RTE: Rich text editor").
With the webapp came the following function for inputting the formatted text into a database safely:
Code: Select all
function RTESafe($strText)
{
//returns safe code for preloading in the RTE
$tmpString = trim($strText);
//convert all types of single quotes
$tmpString = str_replace(chr(145), chr(39), $tmpString);
$tmpString = str_replace(chr(146), chr(39), $tmpString);
$tmpString = str_replace("'", "'", $tmpString);
//convert all types of double quotes
$tmpString = str_replace(chr(147), chr(34), $tmpString);
$tmpString = str_replace(chr(148), chr(34), $tmpString);
//$tmpString = str_replace("\"", "\"", $tmpString);
//replace carriage returns & line feeds
$tmpString = str_replace(chr(10), " ", $tmpString);
$tmpString = str_replace(chr(13), " ", $tmpString);
return $tmpString;
}