How can I disable string escape in $db->insert, I need to insert html in my database, so I don’t want any string escape.Any solutions?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How can I disable string escape in $db->insert, I need to insert html in my database, so I don’t want any string escape.Any solutions?
You don’t want to disable that escaping.
Escaping data doesn’t prevent you from inserting anything. In fact, quite the opposite: escaping data enables you to properly insert characters like quote marks that could otherwise confuse the database. More importantly, passing unescaped data directly to a database exposes an enormous security hole, making it trivial for a “hacker” (if we use the term liberally) to gain unrestricted access to your site and to your database.
You’re probably confusing SQL escaping (which escapes data for use in SQL queries) with htmlspecialchars(), which escapes data for use on webpages. The two are unrelated.