SQL injection and Rich HTML Text Areas

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

joarobles
Forum Newbie
Posts: 1
Joined: Mon Jul 27, 2009 7:00 pm

SQL injection and Rich HTML Text Areas

Post by joarobles »

Hey, I'm new here and I wonder how to prevent SQL injection when I have to deal with rich html text areas...
Because, if I replace the quotes " with \" I invalidate the HTML code that I want to insert....
Any idea? Thanks!
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: SQL injection and Rich HTML Text Areas

Post by jackpf »

The slashes aren't inserted into the database.
Darhazer
DevNet Resident
Posts: 1011
Joined: Thu May 14, 2009 3:00 pm
Location: HellCity, Bulgaria

Re: SQL injection and Rich HTML Text Areas

Post by Darhazer »

joarobles wrote:
Hey, I'm new here and I wonder how to prevent SQL injection when I have to deal with rich html text areas...
Because, if I replace the quotes " with \" I invalidate the HTML code that I want to insert....
Any idea? Thanks!

The same way as you have to prevent any SQL injections... and it's not adding slashes.
Run the input (the HTML in this case) through mysql_real_escape_string() before sending it to the database.
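The point made in the replies above, as an added example that is not code from any poster in this thread: escaping applied when the query is built lives only in the SQL text, so the HTML is stored and read back unchanged. Assumptions: PHP with the pdo_sqlite extension; an in-memory SQLite database and PDO::quote() stand in for MySQL and mysql_real_escape_string() so the script runs without a server; the `posts` table and the sample HTML are constructed for illustration.

```php
<?php
// SQLite in memory stands in for MySQL here (assumption, see lead-in).
// The table `posts` and column `body` are hypothetical names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample of rich-text editor output with both quote styles.
$html = '<p class="intro">It\'s <a href="/faq" title=\'FAQ\'>here</a></p>';

// 1) Escape for the SQL string literal at the moment the query is built.
//    PDO::quote() adds the surrounding quotes and escapes for this driver;
//    the escaping exists only in the statement text, not in the stored value.
$literal = $pdo->quote($html);
$pdo->exec("INSERT INTO posts (body) VALUES ($literal)");

// 2) Prepared statement: the value never becomes part of the SQL text at all.
$stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $html]);

// 3) The approach from the question: replacing " with \" by hand first.
//    Those backslashes are now part of the data, so correct escaping
//    preserves them and the stored HTML is damaged.
$handEdited = str_replace('"', '\\"', $html);
$stmt->execute([':body' => $handEdited]);

// Rows 1 and 2 match the submitted HTML byte for byte; row 3 does not.
foreach ($pdo->query('SELECT id, body FROM posts ORDER BY id') as $row) {
    $same = ($row['body'] === $html) ? 'identical' : 'ALTERED';
    printf("row %d: %s\n        %s\n", $row['id'], $same, $row['body']);
}
```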