PhotoDune

HTML CHARACTER ESCAPE

duotive
2945 posts
  • Author had a File in an Envato Bundle
  • Author was Featured
  • Bought between 1 and 9 items
  • Elite Author
  • Europe
  • Exclusive Author
  • Has been a member for 2-3 years
  • Item was Featured
  • Referred between 100 and 199 users
+2 more
duotive says

Hey. What is the best practice to escape html special characters when saving user input in database and works for the majority of the servers out there? I used mysql_real_escape_string and seems to fail under some servers. Also htmlentities fails. Keep in mind that i will need to use the data after i insert it :) Thanks

2 years ago
fillerspace
960 posts
  • Sold between 100 and 1 000 dollars
  • Has been a member for 3-4 years
  • Bought between 10 and 49 items
  • Exclusive Author
  • Microlancer Beta Tester
  • United States
fillerspace says

mysql_real_escape_string is the best way to do it if you are writing raw SQL queries. The question is, why aren’t you using a database abstraction layer? You can use an ORM wth a DBAL built-in, like Propel or Doctrine, or just the DBAL like ADODB . These libraries will have escaping logic built in that will wrap PHP native methods and handle failures as well.

2 years ago
duotive
2945 posts
  • Author had a File in an Envato Bundle
  • Author was Featured
  • Bought between 1 and 9 items
  • Elite Author
  • Europe
  • Exclusive Author
  • Has been a member for 2-3 years
  • Item was Featured
  • Referred between 100 and 199 users
+2 more
duotive says

I want to use it in a wordpress template so that is why i need it to be general. I cannot choose what every of our customers use as a database engine.

2 years ago
chrisakelley
2935 posts
  • Community Superstar
  • Sold between 1 000 and 5 000 dollars
  • Bought between 10 and 49 items
  • Has been a member for 2-3 years
  • United States
  • Exclusive Author
chrisakelley says
duotive said
I want to use it in a wordpress template so that is why i need it to be general. I cannot choose what every of our customers use as a database engine.

http://codex.wordpress.org/Function_Reference/esc_attr

2 years ago
duotive
2945 posts
  • Author had a File in an Envato Bundle
  • Author was Featured
  • Bought between 1 and 9 items
  • Elite Author
  • Europe
  • Exclusive Author
  • Has been a member for 2-3 years
  • Item was Featured
  • Referred between 100 and 199 users
+2 more
duotive says

Thanks. Will give it a try.

2 years ago
chrisakelley
2935 posts
  • Community Superstar
  • Sold between 1 000 and 5 000 dollars
  • Bought between 10 and 49 items
  • Has been a member for 2-3 years
  • United States
  • Exclusive Author
chrisakelley says
duotive said
Thanks. Will give it a try.

this is probably a better read http://codex.wordpress.org/Data_Validation

2 years ago
fillerspace
960 posts
  • Sold between 100 and 1 000 dollars
  • Has been a member for 3-4 years
  • Bought between 10 and 49 items
  • Exclusive Author
  • Microlancer Beta Tester
  • United States
fillerspace says
duotive said
I want to use it in a wordpress template so that is why i need it to be general. I cannot choose what every of our customers use as a database engine.

Then you should use WordPress database object (wpdb). They handle escaping for you, and you don’t have to open a second db connection.

2 years ago

Search forums

Active threads

100% gpl lol 4 replies, last by doru 2 minutes ago
Minor Changes to Marketplace Membership Terms and Conditions - Please Read 152 replies, last by kurikv 12 minutes ago
(Locked) Payment reversal 10 replies, last by quickandeasy 30 minutes ago
(Locked) Reversal again and again 24 replies, last by quickandeasy 33 minutes ago
If thisi is true, the WORLD will be changed rapidly next few years! 9 replies, last by VF 36 minutes ago
Post an Insane Lie about the Person Above 2 - Keep it Clean! 167 replies, last by VF 50 minutes ago
Your best TV series 195 replies, last by lucafrancini 1 hour ago
by
by
by
by
by