
Escaping Data and Replacing HTML for PHP/MySQL

Isn't inserting good data and getting it out of a db a pain in the a$$?

I am going to be using the Markdown text to HTML parser
(http://daringfireball.net/projects/markdown/dingus) for creating HTML
from user input (for a bespoke CMS) so that users can put in their own
headings, lists and links etc.

This is great and gets round all the issues of apostrophes etc. when
inserting information into a database for me.

However for other fields such as Username, First Name, Address etc. I
still need to be able to cleanly add in slashes (as well as other HTML
elements such as $ and &).

Is there a good solid idiot proof solution to this, bearing in mind
that from server to server things like magic quotes will change.

My thoughts are to create a function like this below to use before
constructing SQL statements:

function prep_for_db( $value ) {
    // Add slashes only when magic_quotes_gpc has not already done so
    if ( ini_get('magic_quotes_gpc') != true ) {
        $value = addslashes( $value );
    }

    //some other XHTML related find and replace stuff for &, $, etc.

    return $value;
}

The second issue is that of replacing elements such as &, $ and (is
there a function out there for replacing these chars or do I need to
build my own?). If I replace these with things like &amp; they will
start taking up my characters in my db fields. Would it be prudent to
just parse text on the way out of the db or is this gonna slow down
general browsing?

Any help and advice from more experienced PHPers would be greatly
appreciated.

Regards,

Rick
www.e-connected.com

Sep 21 '05 #1
2 Replies


thehuby wrote:
....
The second issue is that of replacing elements such as &, $ and (is
there a function out there for replacing these chars or do I need to
build my own?).

....

You may want to start here:
http://www.php.net/manual/en/function.htmlentities.php
http://www.php.net/manual/en/functio...ecialchars.php

Sep 21 '05 #2

Thanks for that... they don't appear to escape all the characters I want,
I think I may need to build my own search and replace function to deal
with the ones I need (dollar for example is not covered in either
function) for XHTML and Accessibility compliance.

Rick

Sep 22 '05 #3
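
An added example, not part of any post in this thread: one way to handle both questions raised above is to store the raw value through a bound parameter (so neither addslashes() nor the server's magic_quotes_gpc setting matters) and to HTML-encode only when the value is written into a page. It assumes PHP 7 or later with the PDO SQLite driver; the users table, its columns, the helper names save_user() and html_out(), and the sample input are constructed for illustration.

```php
<?php
// Added example: raw data in the database, HTML encoding only on output.
// Table, column and function names are hypothetical; sample input is constructed.

function save_user(PDO $db, string $username, string $firstName): void
{
    // Placeholders keep the data out of the SQL text, so apostrophes and
    // backslashes need no manual escaping and no magic_quotes check.
    $stmt = $db->prepare(
        'INSERT INTO users (username, first_name) VALUES (:u, :f)'
    );
    $stmt->execute([':u' => $username, ':f' => $firstName]);
}

function html_out(string $value): string
{
    // Encodes &, <, >, " and ' for HTML/XHTML text and attribute values.
    // The encoded form exists only in the page, never in the database field.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// In-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, first_name TEXT)');

// Constructed input containing the characters discussed in the thread.
$input = "O'Brien & <b>Sons</b> \$5";
save_user($db, 'rick', $input);

$row    = $db->query('SELECT first_name FROM users')->fetch(PDO::FETCH_ASSOC);
$stored = $row['first_name'];

// The stored value is byte-for-byte what the user typed.
printf("stored  (%d bytes): %s\n", strlen($stored), $stored);

// The longer, entity-encoded form is produced at output time only,
// so entities never use up the column's character limit.
$encoded = html_out($stored);
printf("encoded (%d bytes): %s\n", strlen($encoded), $encoded);
```

The dollar sign passes through html_out() unchanged because it has no special meaning in HTML or XHTML markup.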
