PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
$new = htmlspecialchars('15.5" color TV/Free Shipping', ENT_QUOTES);
Basically my requirement is to able to allow user to put following character like single quote, double quote, slahses (' " / \) in db but no hacking or sql injection should occur.
You need to use the database specific escaping function. You can also convert characters to HTML entities. Also check your database setting for character set. The database may retain or remove the escaped characters depending on the settings.
tables type: InnoDB
MySQL charset: UTF-8 Unicode (utf8)
i have a check of string count, if the submitted string is less than 50 characters then it will give me error message, now the problem is if i submitted '15.5" new / used tv' this will give error but if i try to display it in html field this will not show complete string.