Re: mysql_real_escape_string() chopping off after quotes — PHP Programming Language

You are here: Re: mysql_real_escape_string() chopping off after quotes « PHP Programming Language « IT news, forums, messages

Posted by Paul Furman on 08/10/07 03:01

Paul Furman wrote:

> Michael Fesser wrote:
>
>> When printing anything to an HTML page, use
>> htmlspecialchars() to escape those characters that have a special
>> meaning in HTML (", &, <, >). If necessary use the ENT_QUOTES flag. See
>> the manual for details.
>>
>> http://www.php.net/htmlspecialchars
>
> Thanks again, it sounds like I should run that in my html_safe()
> function along with stripslashes().

Just a followup on the htmlspecialchars idea, I tried it & had to
disable it... if I used that, I'd need to be more selective than my
html_safe function because it disabled my ability to add content from
the admin interface with links & images. But thanks for mentioning it.

--
Paul Furman Photography
http://edgehill.net
Bay Natives Nursery
http://www.baynatives.com

Navigation:

Next in forum: Re: Flash stronger then PHP?
Prev in forum: Re: mysql_real_escape_string() chopping off after quotes
Thread view: Re: mysql_real_escape_string() chopping off after quotes

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация