Mysql_real_escape_string question!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'd actually perform a stripslashes() if magic quotes are on, and perform a mysql_real_escape_string() on the data being passed into the query only.
influx
Forum Commoner
Posts: 31
Joined: Fri Aug 05, 2005 9:28 am

Post by influx »

Question:

On the site I allow people to make posts, and when they are editing their posts in their member pages, I use a WYSIWYG editor ("RTE: Rich text editor").

With the webapp came the following function for inputting the formatted text into a database safely:

Code: Select all

function RTESafe($strText)
{
	//returns safe code for preloading in the RTE
	$tmpString = trim($strText);
		
	//convert all types of single quotes
	$tmpString = str_replace(chr(145), chr(39), $tmpString);
	$tmpString = str_replace(chr(146), chr(39), $tmpString);
	$tmpString = str_replace("'", "'", $tmpString);
		
	//convert all types of double quotes
	$tmpString = str_replace(chr(147), chr(34), $tmpString);
	$tmpString = str_replace(chr(148), chr(34), $tmpString);
	//$tmpString = str_replace("\"", "\"", $tmpString);
		
	//replace carriage returns & line feeds
	$tmpString = str_replace(chr(10), " ", $tmpString);
	$tmpString = str_replace(chr(13), " ", $tmpString);
		
	return $tmpString;
}
Should I keep this function? Does it do the same thing as mysql_real_escape_string()?
Post Reply