text parsing

NevetsRetxab

How do I make my user inputed data from a forum, safe to transmit to a mysql database?

dannys

In theory doing

 $var=addslashes($var)

before you insert $var into the db should do.

Just remember that what you addslashes() on input, you must stripslashes() when you get it back out of the db.

theslinky

I tend to stripslashes first and then addslashes.

so:

$var = addslashes(stripslashes($var));

because on one of my servers, PHP automatically escapes quotes, etc, and on my home system it doesn't :-).

also, if you might want to run validations with eregi, etc to make sure the format is proper (i.e. so they don't enter a word instead of a number, etc).

-sridhar

victordb

I'm not sure what you mean do you mean encrypting the data being sent to mySQL or making it so it sends without problems.

dannys

Since he said 'safe' rather than 'secure' - I assumed he wants to make sure data is entered into the db ok - i.e not generating any errors.

Could be wrong though - was just how I assumed.

Of course, no-one should ever assume 🙂

NevetsRetxab

Thanks for you help guys. You were correct in assuming. What I'm doing is I'm writing a web forum and I've messed it up before with a single quote, but I've fixed it now.