duotive says

Hey. What is the best practice for escaping HTML special characters when saving user input in a database, one that works on the majority of the servers out there? I used mysql_real_escape_string and it seems to fail on some servers. Also, htmlentities fails. Keep in mind that I will need to use the data after I insert it :) Thanks

fillerspace says

mysql_real_escape_string is the best way to do it if you are writing raw SQL queries. The question is, why aren’t you using a database abstraction layer? You can use an ORM with a DBAL built in, like Propel or Doctrine, or just the DBAL, like ADODB. These libraries will have escaping logic built in that will wrap PHP native methods and handle failures as well.

duotive says

I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what each of our customers uses as a database engine.

organicbee says

> I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what each of our customers uses as a database engine.

http://codex.wordpress.org/Function_Reference/esc_attr

duotive says

Thanks. Will give it a try.

organicbee says

> Thanks. Will give it a try.

This is probably a better read: http://codex.wordpress.org/Data_Validation

fillerspace says

> I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what each of our customers uses as a database engine.

Then you should use the WordPress database object (wpdb). They handle escaping for you, and you don’t have to open a second db connection.
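
The approach suggested in this thread (wpdb for storage, the esc_* functions for display), as an added example that is not code from any of the posters. It assumes it runs inside WordPress, for instance in a theme's functions.php; the table `example_notes` and the `example_*` function names are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded; the table and function names are hypothetical.

function example_save_note( $raw_title, $raw_body ) {
    global $wpdb;

    // Callers pass values straight from $_POST. wp_unslash() removes the slashes
    // WordPress adds to request data; sanitize_*_field() strips tags and control
    // characters. Neither of these is SQL escaping.
    $title = sanitize_text_field( wp_unslash( $raw_title ) );
    $body  = sanitize_textarea_field( wp_unslash( $raw_body ) );

    // insert() runs the values through wpdb's own placeholder handling, so no
    // manual mysql_real_escape_string() call is needed and no HTML entities
    // end up stored in the database.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'example_notes',
        array( 'title' => $title, 'body' => $body ),
        array( '%s', '%s' )
    );
    return false === $ok ? 0 : (int) $wpdb->insert_id;
}

function example_get_note( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_notes';
    // prepare() escapes the value bound to the %d placeholder.
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT title, body FROM {$table} WHERE id = %d", $id )
    );
}

function example_render_note( $id ) {
    $note = example_get_note( $id );
    if ( ! $note ) {
        return '';
    }
    // HTML escaping happens at output time and depends on the context:
    // esc_attr() for attribute values, esc_html() for element content.
    return sprintf(
        '<article title="%s"><h3>%s</h3><p>%s</p></article>',
        esc_attr( $note->title ),
        esc_html( $note->title ),
        nl2br( esc_html( $note->body ) )
    );
}
```

Because the stored text is not HTML-encoded, the same row can be reused in other contexts (a form field, a feed, a JSON response) with the escaping function that fits each one.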
