duotive says

Hey. What is the best practice for escaping HTML special characters when saving user input to a database, one that works on the majority of the servers out there? I used mysql_real_escape_string and it seems to fail on some servers. htmlentities fails as well. Keep in mind that I will need to use the data after I insert it :) Thanks

fillerspace says

mysql_real_escape_string is the best way to do it if you are writing raw SQL queries. The question is, why aren't you using a database abstraction layer? You can use an ORM with a DBAL built in, like Propel or Doctrine, or just the DBAL, like ADODB. These libraries have escaping logic built in that wraps the PHP native methods and handles failures as well.

duotive says

I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what each of our customers uses as a database engine.

chrisakelley says

> duotive wrote: I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what each of our customers uses as a database engine.

http://codex.wordpress.org/Function_Reference/esc_attr

duotive says

Thanks. Will give it a try.

chrisakelley says

> duotive wrote: Thanks. Will give it a try.

This is probably a better read: http://codex.wordpress.org/Data_Validation

fillerspace says

> duotive wrote: I want to use it in a WordPress template, so that is why I need it to be general. I cannot choose what each of our customers uses as a database engine.

Then you should use the WordPress database object (wpdb). It handles escaping for you, and you don't have to open a second DB connection.
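The two pieces of advice in this thread (esc_attr and the Data Validation codex page from chrisakelley, wpdb from fillerspace) fit together once you separate the two problems duotive is mixing: protecting the SQL statement, and protecting the HTML that the stored value is later printed into. The example below is added here and is not code from the thread, from Envato or from WordPress itself. It assumes it runs inside a WordPress theme or plugin, and it assumes a hypothetical table named {$wpdb->prefix}guestbook with columns id, author, message and website. The raw text is stored as the user typed it (so it is still usable for email, JSON or a search index later), the SQL side is handled by $wpdb->insert() and $wpdb->prepare() binding values rather than by hand-escaping, and HTML escaping happens only at render time with the escaper chosen for the context the value lands in.

```php
<?php
// Added example, not part of the original thread or of WordPress core.
// Assumes a WordPress runtime ($wpdb, esc_*() and sanitize_*() exist) and a
// hypothetical table {$wpdb->prefix}guestbook (id, author, message, website).

// Store the raw value. Do NOT htmlentities() it here: that bakes one output
// context into the database and breaks every other use of the data.
function guestbook_save_entry( $author, $message, $website ) {
    global $wpdb;
    $table = $wpdb->prefix . 'guestbook';

    // Input sanitisation only normalises (strips tags, control chars,
    // invalid UTF-8); it does not HTML-encode.
    $author  = sanitize_text_field( $author );
    $message = sanitize_textarea_field( $message );
    $website = esc_url_raw( $website ); // DB-side variant of esc_url()

    // $wpdb->insert() builds a prepared statement; the format array pins
    // each column to %s, so a value can never be parsed as SQL.
    $ok = $wpdb->insert(
        $table,
        array( 'author' => $author, 'message' => $message, 'website' => $website ),
        array( '%s', '%s', '%s' )
    );
    return $ok ? (int) $wpdb->insert_id : false;
}

// Read side: the only user-controllable value ($limit) is bound with %d.
// The table name comes from $wpdb->prefix, not from the request.
function guestbook_get_entries( $limit = 20 ) {
    global $wpdb;
    $table = $wpdb->prefix . 'guestbook';
    $sql   = $wpdb->prepare(
        "SELECT id, author, message, website FROM {$table} ORDER BY id DESC LIMIT %d",
        $limit
    );
    return $wpdb->get_results( $sql );
}

// Output side: escape late, and per context. esc_attr() for attribute values,
// esc_html() for text nodes, esc_url() for href (it also refuses javascript:
// and similar schemes that an HTML-entity encoder would happily pass through).
function guestbook_render_entries( $entries ) {
    $html = '';
    foreach ( $entries as $row ) {
        $html .= '<article id="entry-' . (int) $row->id . '">';
        $html .= '<h3 title="' . esc_attr( $row->author ) . '">' . esc_html( $row->author ) . '</h3>';
        if ( $row->website ) {
            $html .= '<a href="' . esc_url( $row->website ) . '" rel="nofollow">'
                   . esc_html( $row->website ) . '</a>';
        }
        // Escape first, then add <br>, so the user cannot supply the tags.
        $html .= '<p>' . nl2br( esc_html( $row->message ) ) . '</p>';
        $html .= '</article>';
    }
    return $html;
}

// Form handler. WordPress slashes $_POST, so unslash before sanitising;
// the nonce check stops cross-site form submissions.
add_action( 'admin_post_nopriv_guestbook_submit', 'guestbook_handle_submit' );
add_action( 'admin_post_guestbook_submit', 'guestbook_handle_submit' );
function guestbook_handle_submit() {
    check_admin_referer( 'guestbook_submit' );
    $author  = isset( $_POST['author'] )  ? wp_unslash( $_POST['author'] )  : '';
    $message = isset( $_POST['message'] ) ? wp_unslash( $_POST['message'] ) : '';
    $website = isset( $_POST['website'] ) ? wp_unslash( $_POST['website'] ) : '';
    guestbook_save_entry( $author, $message, $website );
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
    exit;
}
```

A practical check: submit an author of `"><script>alert(1)</script>` and a website of `javascript:alert(1)` through the form. The database row should contain those strings verbatim, the rendered page should show them as literal text with the href dropped or neutralised by esc_url(), and the query log should show a bound, quoted value rather than the raw input spliced into the SQL. If any of those three fails, the escaping is happening in the wrong layer.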
