I have a JavaScript-based rich text editor.
What is the safest way to save the tags it generates?
I’m using MySQL as my database.
I’m not sure if using mysql_real_escape_string($text); is safe.
I can’t think of a reason to use htmlentities here. mysql_real_escape_string is vital here because it prevents people from injecting malicious SQL code like ';DROP * FROM table foo;-- into your database. I’d try it without htmlentities; if you find that you need to convert to entities then you could try htmlspecialchars instead, which only converts special characters. If you want to limit the allowed HTML in your form you might also want to look into the strip_tags function.

Relevant documentation:
https://www.php.net/manual/en/function.htmlentities.php
https://www.php.net/manual/en/function.htmlspecialchars.php
Good luck
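The answer above separates two concerns: keeping the SQL query intact when the editor's HTML is stored, and deciding how much HTML to accept or display. The following is an added example, not the answerer's code, showing both layers in current PHP. It assumes a table named posts with a body column (hypothetical) and a tag allowlist chosen for illustration. A prepared statement does the job that mysql_real_escape_string used to do, sending the value separately from the SQL text; the old mysql_* functions were removed in PHP 7, and mysqli::real_escape_string is shown as the direct successor where a prepared statement is not an option.

```php
<?php
// Added example (not from the original answer). Assumed schema: posts(id, body).

// 1. Limit which tags the editor may submit. Allowlist is an assumption.
function sanitize_editor_html(string $html): string
{
    $allowed = '<p><br><b><i><strong><em><ul><ol><li><a>';
    return strip_tags($html, $allowed);
}

// 2. Store the HTML. The value is bound as a parameter, so quotes or
//    semicolons in it never become part of the SQL statement. This is the
//    modern form of what mysql_real_escape_string() protected against.
function store_post(mysqli $db, string $html): int
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (?)');
    $stmt->bind_param('s', $html);
    $stmt->execute();
    return (int) $db->insert_id;
}

// Same insert with manual escaping (mysqli successor to mysql_real_escape_string),
// for code that cannot use prepared statements.
function store_post_escaped(mysqli $db, string $html): int
{
    $safe = $db->real_escape_string($html);
    $db->query("INSERT INTO posts (body) VALUES ('$safe')");
    return (int) $db->insert_id;
}

// 3. When the stored string must be shown as literal text rather than
//    rendered as markup (for example a source preview), convert the
//    special characters on output, not when saving.
function render_as_text(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Offline demonstration of the parts that need no database.
// Constructed input: allowed markup plus a tag that is not on the allowlist.
$input = '<p>Hello <b>world</b></p><script>alert(1)</script>';
$clean = sanitize_editor_html($input);   // script tag removed, its text kept
echo $clean, PHP_EOL;
echo render_as_text($clean), PHP_EOL;    // entity-encoded for literal display
```

Two caveats worth knowing before relying on strip_tags as the only filter: it removes tags but keeps their inner text, and, as the PHP manual states, it does not touch attributes on the tags you allow, so an allowlist containing <a> still lets through whatever href or event-handler attributes the client sent. If user-supplied HTML is rendered back to other users, a dedicated HTML sanitizer that also filters attributes is the safer choice; the SQL-side handling above is unaffected by that decision.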