when i add the enter from the CMS admin panel then add the data before doing this php method..
$result = mysql_real_escape_string($str);
because i have too much special characteres in the db records, but stripslashes als开发者_StackOverflow中文版o show on the php pages how to decode stripslash or hide those. . thanking in advance.
please let us know any good function of php... thanks
Thanks
Perform database escaping when entering data into the database, and no sooner. Escape a copy of the data, as it's being entered into the database. Don't modify the original.
Remember, the methods used to escape data for entry into a database are entirely different things than the methods used to sanitize user-provided input for display. Perform them at appropriate times, and don't mix them in your code.
If you're having to use stripslashes
, then something is wrong with your code. You either double-escaped, or you have a server misconfiguration resulting in "magic quotes" being enabled.
Steps:
1) turn off magic quotes. 2) forget about stripslashes 3) use proper escaping using mysql real escape and passing the resource to the function and not just the string.
精彩评论