Posted: Sat Aug 06, 2005 7:12 pm
I'd actually perform a stripslashes() if magic quotes are on, and perform a mysql_real_escape_string() on the data being passed into the query only.
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code: Select all
function RTESafe($strText)
{
//returns safe code for preloading in the RTE
$tmpString = trim($strText);
//convert all types of single quotes
$tmpString = str_replace(chr(145), chr(39), $tmpString);
$tmpString = str_replace(chr(146), chr(39), $tmpString);
$tmpString = str_replace("'", "'", $tmpString);
//convert all types of double quotes
$tmpString = str_replace(chr(147), chr(34), $tmpString);
$tmpString = str_replace(chr(148), chr(34), $tmpString);
//$tmpString = str_replace("\"", "\"", $tmpString);
//replace carriage returns & line feeds
$tmpString = str_replace(chr(10), " ", $tmpString);
$tmpString = str_replace(chr(13), " ", $tmpString);
return $tmpString;
}