|
|
Posted by Jerry Stuckle on 10/27/67 11:57
Wim Cossement wrote:
> Hello,
>
> I was wondering if there are a few good pages and/or examples on how to
> process form data correctly for putting it in a MySQL DB.
>
> Since I'm not used to using PHP a lot, I already found out that
> addslashes() can be used escape some characters, but I'm having some
> more problems with for instance ä, å and µ (since the text is scientifical)
> Now some people also throw in htmlspecialchars() to convert those to
> HTML entities, but some nest htmlspecialchars() in addslashes() and
> others do the opposite.
>
> Is there a good and error proof way of ensuring that what one puts in a
> textarea gets stored and can be retrieved safe and sound?
>
> Thanks in advance,
>
> Wimmy
>
You'll need to select the correct character set for MySQL. It might be
utf-8, as some have suggested, but you might find another charaset more
applicable. See the MySQL doc and comp.databases.mysql newsgroup for
more info on mysql topics.
Also, rather than use addslashes() you should use
mysql_real_escape_string() to escape your characters.
You shouldn't use htmlspecialchars() for storing data into the database;
that's a display issue, not a storage issue. You should only use it
when displaying data (if necessary).
And also ensure you're using the correct character set on your html page
to display the data.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|