SQL injection and Rich HTML Text Areas
Posted: Mon Jul 27, 2009 7:05 pm
by joarobles
Hey, I'm new here and I wonder how to prevent SQL injection when I have to deal with rich HTML text areas...
Because, if I replace the quotes " with \" I invalidate the HTML code that I want to insert...
Any idea? Thanks!
Re: SQL injection and Rich HTML Text Areas
Posted: Mon Jul 27, 2009 7:05 pm
by jackpf
The slashes aren't inserted into the database.
Re: SQL injection and Rich HTML Text Areas
Posted: Wed Jul 29, 2009 11:08 am
by Darhazer
joarobles wrote: Hey, I'm new here and I wonder how to prevent SQL injection when I have to deal with rich HTML text areas...
Because, if I replace the quotes " with \" I invalidate the HTML code that I want to insert...
Any idea? Thanks!
The same way as you have to prevent any SQL injections... and it's not adding slashes.
Run the input (the HTML in this case) through mysql_real_escape_string() before sending it to the database.
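
Added example, not part of the original thread: a round trip showing that escaping applied at the SQL boundary is consumed by the SQL parser, so the stored HTML comes back byte-for-byte identical. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, PDO::quote() stands in for mysql_real_escape_string() (which needs a live MySQL connection and was removed in PHP 7.0), and the `posts` table and sample HTML are constructed. A prepared statement is shown alongside as a second way to get the same result.

```php
<?php
// In-memory SQLite database (assumption: stands in for the MySQL server).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input, as a rich text editor might submit it:
// double quotes in attributes, an apostrophe, and a quote-breaking tail.
$html = '<p class="intro">It\'s a <a href="/faq.php?id=1">link</a></p>'
      . "'); DROP TABLE posts; --";

// 1) Escape at the SQL boundary. The escaping exists only in the SQL text;
//    the parser strips it again, so nothing extra reaches the column.
//    (SQLite doubles single quotes where MySQL uses backslashes.)
$quoted = $pdo->quote($html);
$pdo->exec("INSERT INTO posts (body) VALUES ($quoted)");

// 2) Prepared statement: the value travels separately from the SQL text,
//    so no escaping is needed at all.
$stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => $html]);

// Read both rows back and compare them with what was submitted.
foreach ($pdo->query('SELECT id, body FROM posts ORDER BY id') as $row) {
    $state = ($row['body'] === $html) ? 'identical' : 'ALTERED';
    printf("row %d: stored body is %s to the submitted HTML\n", $row['id'], $state);
}

// The quote-breaking tail was stored as data, not executed as SQL.
$count = (int) $pdo->query('SELECT COUNT(*) FROM posts')->fetchColumn();
printf("rows in posts after both inserts: %d\n", $count);
```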