Allowing ' through databases

Carbine · Post by **Carbine** » Sun May 08, 2011 1:29 pm

I want ' and " to be allowed through the database, but without mysql injection. I use htmlentities, but that doesn't do anything to them. Sorry if this is a stupid question, I just don't want to injected :L I tried entering apos; in the articles to see if that's allowed through and if so I could just replace ' with apos; before it goes through, but using apos; and It still didn't work :L Thanks and sorry for all the questions.

/E should this be in the php security section?

CodeCanyon items · Post by **Tino** » Sun May 08, 2011 1:31 pm

You'll want to pass it the ENT_QUOTES flag.

[syntax=php]$var = htmlentities($_POST['var'], ENT_QUOTES);[/syntax]

This will convert both single and double quotes.

Carbine · Post by **Carbine** » Sun May 08, 2011 1:33 pm

Thanks very much Tino, you're a legend.

CodeCanyon items · Post by **Tino** » Sun May 08, 2011 1:34 pm

You're welcome. And thanks, I suppose

Post by **jacek** » Sun May 08, 2011 1:57 pm

There shouldn't be any problems if you escape them correctly

BetterPHP

Allowing ' through databases

Allowing ' through databases

Re: Allowing ' through databases

Re: Allowing ' through databases

Re: Allowing ' through databases

Re: Allowing ' through databases