Securing from textarea input
Posted: Tue Jul 20, 2010 7:39 pm
I could use some help wrapping my head around this. I'd like to know what's a good way to go about securing multi-paragraph textarea inputs? The user will be inputting some kind of "How-To" guide of their own, so I need to allow things like periods, semicolons, apostrophes, question marks, new lines, etc. Using mysql_real_escape_strings, if a user enters something like, "Vinny's Recipe", it ends up displaying as "Vinny\\\'s Recipe". How do I avoid this? The form takes a number of different inputs from textareas, textfields, drop lists, and an image upload field. In its present stage, the only "security" I have on those POST variables is that each one is filtered through mysql_real_escape_strings prior to being utilized. Any advice on how to secure this?
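An added example, not part of the original post: two escaping passes over the same text turn an apostrophe into `\\\'`, the symptom described above, while storing the raw text through a bound parameter and escaping only at HTML output avoids it. It assumes PHP 7+ with the PDO SQLite driver; the `guides` table, the `render_guide()` helper and the sample input are constructed for illustration, and that the post's symptom comes from double escaping is an assumption.

```php
<?php
// Constructed sample input standing in for a textarea value from $_POST.
$raw = "Vinny's Recipe\nUse <b>2</b> cups; stir. Done?";

// Symptom: each escaping pass prefixes quotes AND existing backslashes,
// so a second pass compounds the first. addslashes() stands in here for
// any escaping layer (automatic or manual) applied to the same value.
$escapedOnce  = addslashes($raw);
$escapedTwice = addslashes($escapedOnce);
echo "once:  ", strtok($escapedOnce, "\n"), "\n";
echo "twice: ", strtok($escapedTwice, "\n"), "\n";

// Storage: keep the text exactly as typed and let a bound parameter carry
// it to the database. No manual SQL escaping is applied at all.
// In-memory SQLite keeps this example self-contained (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guides (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Basic validation of a free-text field: non-empty and bounded in size.
// The 20000-byte limit is an arbitrary value chosen for this example.
$len = strlen($raw);
if ($len === 0 || $len > 20000) {
    exit("Guide text is empty or too long\n");
}

$insert = $db->prepare('INSERT INTO guides (body) VALUES (:body)');
$insert->execute([':body' => $raw]);

$select = $db->prepare('SELECT body FROM guides WHERE id = :id');
$select->execute([':id' => $db->lastInsertId()]);
$stored = $select->fetchColumn();

// The stored value is byte-for-byte what the user typed.
var_dump($stored === $raw);

// Output: escape for the HTML context only when rendering, then convert
// newlines to <br> so multi-paragraph text keeps its line breaks.
// render_guide() is a hypothetical helper name.
function render_guide(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

echo render_guide($stored), "\n";
```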