开发者

regarding stripslash in html pages how to hide... in php pages

开发者 https://www.devze.com 2023-02-18 16:36 出处:网络
when i add the enter from the CMS admin panel then add the data before doing this php method.. $result = mysql_real_escape_string($str);

when i add the enter from the CMS admin panel then add the data before doing this php method..

$result = mysql_real_escape_string($str);

because i have too much special characteres in the db records, but stripslashes als开发者_StackOverflow中文版o show on the php pages how to decode stripslash or hide those. . thanking in advance.

please let us know any good function of php... thanks

Thanks


Perform database escaping when entering data into the database, and no sooner. Escape a copy of the data, as it's being entered into the database. Don't modify the original.

Remember, the methods used to escape data for entry into a database are entirely different things than the methods used to sanitize user-provided input for display. Perform them at appropriate times, and don't mix them in your code.

If you're having to use stripslashes, then something is wrong with your code. You either double-escaped, or you have a server misconfiguration resulting in "magic quotes" being enabled.


Steps:

1) turn off magic quotes. 2) forget about stripslashes 3) use proper escaping using mysql real escape and passing the resource to the function and not just the string.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号