duotive says

Hey. What is the best practice to escape HTML special characters when saving user input in a database that works for the majority of the servers out there? I used mysql_real_escape_string and it seems to fail under some servers. Also htmlentities fails. Keep in mind that I will need to use the data after I insert it :) Thanks

fillerspace says

mysql_real_escape_string is the best way to do it if you are writing raw SQL queries. The question is, why aren’t you using a database abstraction layer? You can use an ORM with a DBAL built in, like Propel or Doctrine, or just the DBAL like ADODB. These libraries will have escaping logic built in that will wrap PHP native methods and handle failures as well.
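
The two raw-SQL approaches contrasted in this reply, as an added example that is not from the thread or from any of the libraries it names. It uses mysqli rather than the old mysql_* extension (removed in PHP 7), and it illustrates one common reason the escaper "fails" on some hosts: real_escape_string only works relative to an open connection whose character set has been set, because it needs that charset to know which bytes are special. The table `comments` with columns `id`, `author`, `body` and the connection credentials are placeholders.

```php
<?php
// Added example, not code from the thread. Assumes a `comments` table with
// columns id, author, body; connection values below are placeholders.

// 1. Escaping: only valid against an open connection with its charset set.
//    The escaped value must still be quoted inside the SQL string.
function insert_with_escaping(mysqli $db, string $author, string $body): bool
{
    $a = $db->real_escape_string($author);
    $b = $db->real_escape_string($body);
    $sql = "INSERT INTO comments (author, body) VALUES ('$a', '$b')";
    return $db->query($sql) === true;
}

// 2. Prepared statement: query text and values travel separately, so there is
//    no escaping step to get wrong. This is what a DBAL wraps internally.
function insert_with_prepared_statement(mysqli $db, string $author, string $body): bool
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $author, $body);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Reading back: the stored text is exactly what the user typed. Escape it for
// the context it is emitted into (HTML here), not at storage time.
function fetch_bodies_as_html(mysqli $db): array
{
    $out = [];
    $res = $db->query('SELECT body FROM comments ORDER BY id');
    while ($row = $res->fetch_assoc()) {
        $out[] = htmlspecialchars($row['body'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
    return $out;
}

// Usage with constructed sample input that carries both a quote (SQL-relevant)
// and a tag (HTML-relevant). Credentials are placeholders.
$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
$db->set_charset('utf8mb4'); // do this before any call to real_escape_string
$sample = "O'Brien wrote <b>hi</b>";
insert_with_prepared_statement($db, "O'Brien", $sample);
foreach (fetch_bodies_as_html($db) as $html) {
    echo $html, "\n";
}
```

The point to take from the two insert functions is that the database stores the raw string in both cases; htmlentities belongs to the output step, and applying it before insertion is what makes the data awkward to reuse later.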

duotive says

I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what every one of our customers uses as a database engine.

organicbee says

I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what every one of our customers uses as a database engine.

http://codex.wordpress.org/Function_Reference/esc_attr

duotive says

Thanks. Will give it a try.

organicbee says

Thanks. Will give it a try.

this is probably a better read http://codex.wordpress.org/Data_Validation

fillerspace says

I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what every one of our customers uses as a database engine.

Then you should use the WordPress database object (wpdb). It handles escaping for you, and you don’t have to open a second db connection.
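
How this looks in a theme, as an added example that is neither from the thread nor from WordPress core: `$wpdb->insert()` and `$wpdb->prepare()` cover the SQL side, and the `esc_attr`/`esc_html` functions from the codex link cover output, which is the "sanitize on input, escape on output" split the Data Validation page describes. The table `{$wpdb->prefix}guestbook` with columns `id`, `author`, `body` and the form field names are assumptions, and the form handler at the bottom is schematic (a real handler would also verify a nonce).

```php
<?php
// Added example, not WordPress code. Assumes a custom table
// {$wpdb->prefix}guestbook with columns id, author, body.

// Saving: $wpdb->insert() escapes the values for SQL itself, so pass the
// sanitized text, never an entity-encoded copy of it.
function guestbook_save(string $author, string $body): int
{
    global $wpdb;
    $ok = $wpdb->insert(
        $wpdb->prefix . 'guestbook',
        [
            'author' => sanitize_text_field($author), // strips tags, trims, normalises whitespace
            'body'   => wp_kses_post($body),          // keeps only the HTML allowed in post content
        ],
        ['%s', '%s']                                  // value formats
    );
    return $ok === false ? 0 : (int) $wpdb->insert_id;
}

// Querying with a caller-supplied value: $wpdb->prepare() binds it through a
// placeholder, which is the escaping this reply refers to.
function guestbook_by_author(string $author): array
{
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT id, author, body FROM {$wpdb->prefix}guestbook WHERE author = %s ORDER BY id DESC",
        $author
    );
    return $wpdb->get_results($sql, ARRAY_A) ?: [];
}

// Output: one escaper per context. esc_attr inside attribute values, esc_html
// for text nodes, wp_kses_post for the body that is allowed to carry markup.
function guestbook_render(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf(
            '<article data-author="%s"><h3>%s</h3><div>%s</div></article>',
            esc_attr($row['author']),
            esc_html($row['author']),
            wp_kses_post($row['body'])
        );
    }
    return $html;
}

// Schematic use: a form handler, then a template part. wp_unslash() undoes the
// slashes WordPress adds to request data before the values are sanitized.
if (isset($_POST['gb_author'], $_POST['gb_body'])) {
    guestbook_save(wp_unslash($_POST['gb_author']), wp_unslash($_POST['gb_body']));
}
echo guestbook_render(guestbook_by_author('visitor'));
```

Because the stored `author` is plain text and `body` is a restricted HTML subset, the same rows can be reused later (e-mail, JSON, a different template) by escaping for that new context at the point of output, which answers the original requirement that the data still be usable after insertion.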
