Um, I've been working with PHP and MySQL for a few weeks, and to store text I've always been stripping anything but alphanumeric characters, which has worked fine until now.
For my next project , I need to store non alphanumeric characters as well. I'm wondering how would I go about doing this without being SQL injected?
Like, forums such as vBulletin and phpBB are able to store ' and -- and ;;; without having the SQL queries pwned and susceptible to injection. I'll need to store those characters as well, but if I use the method I've always been doing, then I'll most definitely be injected.
How do I replicate what phpBB and vBulletin do (save text without being injected)?
I don't think I need to include any code, because it's pretty standard to what all noobs do, but here is what I've done in the past. However, I strip away anything non alphanumeric here, which I've mentioned I can't do in this next project.
$query = "INSERT INTO contacts VALUES ('$username','$text', '$postdate')"; mysql_query($query); echo "added";
Thanks in advance for all your help!