Sep 12th, 2008

mysql_real_escape_string escapes char entities?

Does mysql_real_escape_string() escape HTML character entities? I want people on my comment board to be able to post quotes in their comments, but they get escaped as raw ascii, so I run them through htmlentities() first, but it doesn't help. I only get it to work when I remove mysql_real_escape_string(), like this:
  nl2br(strip_tags(/*mysql_real_escape_string(*/htmlentities($_POST["comment"],ENT_QUOTES)))/*)*/
Is this expected?
CoolGamer48
Sep 12th, 2008

Re: mysql_real_escape_string escapes char entities?

Hi.

It shouldn't do that, no.

Your code works like expected on my server.
Using the following code:
  $comment = $_POST['comment'];
  if(get_magic_quotes_gpc()) $comment = stripslashes($comment);

  echo nl2br(strip_tags(mysql_real_escape_string(htmlentities($comment,ENT_QUOTES))));
The following string: He said: "What's up?"
Is converted into : He said: "What& #039;up?"
(Added a space in the single-quote HTML char. The forum would show it correctly otherwise.)

Just as expected.

I would question the need to convert them into HTML entities tho.
The mysql_real_escape_string function should make sure all quote-marks are safely inserted into the query, which should allow you to show them in your HTML without problems.

Personally I wouldn't alter the comment at all before inserting them into the database, other than using the mysql_real_escape_string function of course. I would prefer to do that when I present the data.
You never know if you need to change the way the data is displayed, and having the data in its original form will make that easier.
Last edited by Atli; Sep 12th, 2008 at 8:48 pm.
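The approach described in the reply above (store the comment unaltered, encode it only when presenting it), as an added example that is not code from the thread. It uses a PDO prepared statement against an in-memory SQLite database in place of mysql_real_escape_string(), and the table and function names are hypothetical.

```php
<?php
// Added example. The comments table, save_comment() and render_comment()
// are hypothetical names; SQLite in memory is used so this runs offline.

function save_comment(PDO $db, string $raw): void
{
    // The placeholder keeps the value out of the SQL text, so no SQL
    // escaping is applied and the stored text is exactly what was typed.
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);
}

function render_comment(string $stored): string
{
    // HTML encoding happens only here, at output time.
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: both quote styles, a tag and a newline.
$input = "He said: \"What's up?\"\n<b>bold</b>";
save_comment($db, $input);

$stored = $db->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// The database holds the original text, not an encoded form of it.
var_dump($stored === $input);

// Quotes and the tag become entities in the HTML, so they display as typed.
echo render_comment($stored), "\n";

// Contrast: encoding before storage and again on output double-encodes,
// so the page shows literal "&quot;" text instead of quote marks.
$preEncoded = htmlentities($input, ENT_QUOTES, 'UTF-8');
echo render_comment($preEncoded), "\n";
```

Because the row keeps the original text, the same stored comment can later be rendered for a different output format without first undoing an HTML encoding.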
