Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Greetings,
I’d like to insert html via a form into my database using php. Can anyone please tell me what function I can use to ensure something such as
<p>This is a test</p>
<h1>Turns up correctly</h1>
Turns up in the database correctly. Right now when I do an insert the special characters are replaced with the HTML special character code.
Also whats the best way to handle inputs such as this? My code is going to be very fragile against something such as special characters and quotes.
Thanks
You only need
mysql_real_escape_string():DB doesn’t care of special characters. The important thing is to escape quotes, which
mysql_real_escape_string()will handle.So no need for
htmlentities($myHTML)or anything like that, and when you fetch the HTML back from the database, it is already in the right format for outputting.