Hey, I'm new here and I wonder how to prevent SQL injection when I have to deal with rich html text areas...
Because, if I replace the quotes " with \" I invalidate the html code that I want to insert....
Any idea? Thanks!
SQL injection and Rich HTML Text Areas
Re: SQL injection and Rich HTML Text Areas
The slashes aren't inserted into the database.
Re: SQL injection and Rich HTML Text Areas
The same way as you have to prevent any SQL injections... and it's not adding slashes.
joarobles wrote:
Hey, I'm new here and I wonder how to prevent SQL injection when I have to deal with rich html text areas...
Because, if I replace the quotes " with \" I invalidate the html code that I want to insert....
Any idea? Thanks!
Run the input (the HTML in this case) through mysql_real_escape_string() before sending to the database
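
The point made in the replies above, that escaping protects the SQL statement without altering the HTML that ends up stored, shown as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database rather than mysql_real_escape_string() (the mysql_* extension was removed in PHP 7), and stores the same value once through a bound parameter and once as an escaped literal. It assumes the pdo_sqlite extension is available; the table, column and sample HTML are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP with the pdo_sqlite extension.
// Table name, column name and the sample HTML are constructed for illustration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed rich-text input: double quotes, a single quote, a backslash,
// and a trailing fragment that would close the string literal if the value
// were concatenated into the statement unescaped.
$html = '<p class="note">It\'s a <a href="/x?a=1&amp;b=2">link</a> C:\\temp</p>'
      . "'); DROP TABLE posts; --";

// 1) Bound parameter: the value is sent separately from the SQL text,
//    so nothing inside it can change the statement.
$stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $html]);

// 2) Escaped literal: the driver escapes the value for use inside the SQL text.
//    The escaping lives only in the statement, not in the stored data.
$literal = $pdo->quote($html);
$pdo->exec("INSERT INTO posts (body) VALUES ($literal)");

// Read both rows back and compare them byte for byte with the input.
$rows = $pdo->query('SELECT body FROM posts ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);

foreach ($rows as $i => $stored) {
    printf("row %d identical to input: %s\n", $i + 1, $stored === $html ? 'yes' : 'no');
}

// The literal used in the SQL text differs from the input (it carries the
// escaping), while the value that came back from the database does not.
echo 'escaped literal differs from input: ', ($literal !== $html ? 'yes' : 'no'), "\n";
echo 'rows in posts: ', count($rows), "\n";
```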