Home/ Questions/Q 7776263
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T17:50:13+00:00

Using PHP, what is the best way to store special characters (like the following)

  • 0

Using PHP, what is the best way to store special characters (like the following) in a MSQUL database, to avoid injections.

« " ' é à ù

This is how I do it now: 

$book_text=$_POST['book_text'];
$book_text=htmlentities($book_text, "ENT_QUOTES");
$query=//DB query to insert the text

Then:

$query=//DB query to select the text
$fetch=//The fetch of $book_text
$book_text=html_entity_decode($book_text);

This way, all my text is formatted in HTML entities. But I think this takes up a lot of database space. So, is there a better way?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Use utf8 encoding to store these values.

    To avoid injections use mysql_real_escape_string() (or prepared statements).

    To protect from XSS use htmlspecialchars.

    • 0