I have the following function that sanitizes input from the user or the url:
```php
function SanitizeString($var)
{
    // Removes backslashes (only meaningful when magic_quotes added them).
    $var = stripslashes($var);
    // Encodes <, >, &, " and ' as HTML entities.
    $var = htmlentities($var, ENT_QUOTES, 'UTF-8');
    // Runs after encoding, so there are no literal tags left to strip.
    $var = strip_tags($var);
    return $var;
}
```
I don't know whether to use that function in addition to this PHP function: mysql_real_escape_string().
I also don't know if I take all the precautions to sanitize that input.
I also have a problem with stripping tags, because I am using TinyMCE, and not stripping them is important.
How do I return the HTML characters to the state they were in before they were fed into the database?
If you’re talking about how to sanitize the HTML that comes out before you put it on the screen (which you don’t really mention in your question but do in your comments), it’s far more complicated than you might think.
Take a look at:
http://iamcal.com/publish/articles/php/processing_html/
and
http://www.iamcal.com/publish/articles/php/processing_html_part_2/
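As an added example that is not part of the question or the answer, a PHP sketch of the split the answer points at: store the raw input with a prepared statement, escape plain-text fields when rendering, and pass TinyMCE markup through an allow-list filter. The function names, the `posts` table and the PDO connection are assumptions, not anything from the original post.

```php
<?php
// Added example, not the asker's code. Assumes a PDO connection and a table
// `posts` with a plain-text `title` and a TinyMCE HTML `body`.
// 1) Storage: keep the submitted bytes unchanged. The prepared statement is what
//    replaces mysql_real_escape_string(); no HTML encoding belongs here.
function savePost(PDO $pdo, string $title, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
    $stmt->execute([':title' => $title, ':body' => $body]);
}

// 2a) Output of a plain-text field: escape for the HTML context at render time.
function renderTitle(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 2b) Output of rich text: keep an allow-list of TinyMCE markup, drop the rest.
//     Minimal illustration; a maintained library (e.g. HTML Purifier) covers far more.
function renderRichText(string $html): string
{
    $allowedTags  = ['p', 'br', 'b', 'strong', 'i', 'em', 'ul', 'ol', 'li', 'a'];
    $allowedAttrs = ['a' => ['href']];
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                 // silence warnings on HTML5 tags
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
                   LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $root = $doc->documentElement;                    // the wrapper <div>
    // Reverse document order: children are visited before their parents.
    $nodes = iterator_to_array((new DOMXPath($doc))->query('//*'));
    foreach (array_reverse($nodes) as $el) {
        if ($el->isSameNode($root)) { continue; }
        $name = strtolower($el->nodeName);
        if (!in_array($name, $allowedTags, true)) {   // <script>, <iframe>, <span>... removed with content
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            // DOM gives decoded values, so entity-obfuscated schemes are caught too.
            $keep = in_array($attr->name, $allowedAttrs[$name] ?? [], true)
                 && !preg_match('/^\s*(javascript|data|vbscript)\s*:/i', $attr->value);
            if (!$keep) { $el->removeAttribute($attr->name); }
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) { $out .= $doc->saveHTML($child); }
    return $out;
}
```

The stored `body` is never modified, so what TinyMCE submitted is what it gets back for editing; the filtering happens only on the way to the page.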