Securing from textarea input
- Skiddles2010
- Forum Newbie
- Posts: 19
- Joined: Tue Jul 06, 2010 11:05 pm
I could use some help wrapping my head around this. I'd like to know what's a good way to go about securing multi-paragraph textarea inputs? The user will be inputting some kind of "How-To" guide of their own, so I need to allow things like periods, semicolons, apostrophes, question marks, new lines, etc. Using mysql_real_escape_string, if a user enters something like, "Vinny's Recipe", it ends up displaying as "Vinny\\\'s Recipe". How do I avoid this? The form takes a number of different inputs from textareas, textfields, drop lists, and an image upload field. In its present stage, the only "security" I have on those POST variables is that each one is filtered through mysql_real_escape_string prior to being utilized. Any advice on how to secure this?
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Re: Securing from textarea input
The extra slashes come from adding slashes to slashes. This can occur if you escape the data twice. Either you are running an escape function (i.e. mysql_real_escape_string) twice on the same data, or you have Magic Quotes enabled, which is the usual culprit. This can be disabled in the php.ini file, the .htaccess file, or by using stripslashes on the input data.
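
The double escaping described in the answer above, traced layer by layer, as an added example that is not part of the original thread. The field names, sample text and the `undo_magic_quotes()` helper with its `$magicQuotesOn` flag are assumptions made for illustration, and `addslashes()` stands in for both Magic Quotes and `mysql_real_escape_string`.

```php
<?php
// Constructed sample input; addslashes() stands in for both Magic Quotes and
// mysql_real_escape_string(), which current PHP no longer ships. For quotes and
// backslashes, the characters at issue here, all three add the same backslash.

// Undo the Magic Quotes layer exactly once, for every field of a form.
// $magicQuotesOn is a hypothetical flag; on PHP versions that still had the
// feature it would come from get_magic_quotes_gpc().
function undo_magic_quotes($value, bool $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value;
    }
    return is_array($value)
        ? array_map(fn($v) => undo_magic_quotes($v, true), $value)
        : stripslashes($value);
}

// What the user typed into the form (constructed values).
$typed = ['title' => "Vinny's Recipe", 'intro' => "Don't overmix; fold gently."];

// Layer 1: Magic Quotes escapes every POST value before the script runs.
$post = array_map('addslashes', $typed);

// Layer 2 (the bug): the script escapes the already-escaped values again.
$twice = array_map('addslashes', $post);

// Fixed path: strip the Magic Quotes layer first, then escape once.
$once = array_map('addslashes', undo_magic_quotes($post, true));

// The SQL parser consumes one level of backslashes when it reads the string
// literal; stripslashes() models that step to show what lands in the row.
foreach (['double-escaped' => $twice, 'escaped once' => $once] as $label => $fields) {
    foreach ($fields as $name => $literal) {
        printf("%-15s %-6s literal: %-36s stored: %s\n",
            $label, $name, $literal, stripslashes($literal));
    }
}
```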