I have created a Textarea control. The data 开发者_运维百科entered in this control goes to a database when Submit is clicked. However, when the user types single quotes while entering value in this control and clicks Submit, data does not go to the database.
How can I allow users to enter special characters like this while entering data in the form?
When inserting data in a query, you have to escape them with mysql_real_escape_string() (if mysql database). This protects you from SQL Injections.
mysql_query("INSERT INTO table(col) VALUES('".mysql_real_escape_string($data)."')");
When showing data in form elements, you have to escape them like this with htmlspecialchars() function. This protects you from XSS.
<textarea><?php echo htmlspecialchars($data, ENT_QUOTES); ?></textarea>
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论