I looked at http://in.php.net/stripslashes and tried the above code. I would like to know if any modifications have to be done to avoid problems of inserting names like O'reilly and displaying them in a text field and in a textarea.
Thanks
Last edited by thatsme on Fri Feb 15, 2008 9:24 pm, edited 1 time in total.
Are you talking about for a database insert? Yes, there will be problems with your code.
Please clarify what your intent is.
I am not asking about SQL injection. I am concerned with displaying the data. If I type Oriely's in a textarea or in a textbox and an error occurs for some reason, the control comes back and shows the form. In the form it should display the same data which I typed (it should not add an extra \, and I also observed that the characters after the ' character disappear). So I tried,
.
If I insert into the database, the data should be inserted correctly. In the same way I should be able to extract that data from the database and display it in the same field (I will be using the same form for editing).
1. (re: "//insert into db") Avoid using addslashes. It is inadequate for protection against SQL injection in many cases.
2. Your code will be insecure if magic_quotes is off.
3. Always specify the correct encoding in htmlspecialchars (and there's no hurt in always using ENT_QUOTES as well).
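The three points in the reply above, put together as an added example that is not code from the thread: it stores the raw value through a bound parameter instead of addslashes, and escapes only at output time with ENT_QUOTES and an explicit encoding. The helper names, the `people` table, the in-memory SQLite database and the sample input are all assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Helper names, table and input are constructed.

// Undo magic_quotes_gpc escaping once, at input time, so the raw value is what
// gets stored and redisplayed. The function was removed in PHP 8, hence the guard.
function raw_value(string $value): string
{
    $magic = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $magic ? stripslashes($value) : $value;
}

// Escape for HTML output only. ENT_QUOTES covers ' as well as ", and the
// encoding is stated explicitly rather than left to the configured default.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed stand-in for $_POST['name'].
$name = raw_value("O'Reilly \"Tim\" <b>");

// Store the raw value through a bound parameter: no addslashes, no manual quoting.
$db = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension is loaded
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
$stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Read it back for the edit form; the stored value must equal what was typed,
// with no added backslashes.
$stored = $db->query('SELECT name FROM people WHERE id = 1')->fetchColumn();
if ($stored !== $name) {
    throw new RuntimeException('stored value differs from submitted value');
}

// Redisplay in both field types. With ENT_COMPAT (the default before PHP 8.1)
// the apostrophe is left unescaped, so a single-quoted value attribute ends
// there and the rest of the text is lost.
echo "<input type='text' name='name' value='" . h($stored) . "'>\n";
echo "<textarea name='bio'>" . h($stored) . "</textarea>\n";
```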