Best way to store user-submitted HTML in SQL?

Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Best way to store user-submitted HTML in SQL?

Post by Helx »

Hi, real quick question.

I'm setting up somewhat of a forum for a website, and I need to allow the storage of HTML tags for formatting (not using BBcode).
What's the best way to secure it? Would mysql_real_escape_string do enough?

(I know it's deprecated, but it's fine for now)
FrederickGeek8
Posts: 148
Joined: Wed Nov 30, 2011 10:31 pm

Re: Best way to store user-submitted HTML in SQL?

Post by FrederickGeek8 »

I'd say that's probably enough... Since when has mysql_real_escape_string been deprecated... I've been using it in all my projects 0_o

What should I use instead? (Sorry hijacking your topic)
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: Best way to store user-submitted HTML in SQL?

Post by Helx »

FrederickGeek8
Posts: 148
Joined: Wed Nov 30, 2011 10:31 pm

Re: Best way to store user-submitted HTML in SQL?

Post by FrederickGeek8 »

I have no idea what's going on

I wanna cry

I think I'm going to create a new topic
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Best way to store user-submitted HTML in SQL?

Post by Temor »

mysql_real_escape_string would work just fine.
You still need to prevent XSS attacks and some HTML tags. You don't want users to be able to use all of the HTML tags. That could wreak some real havoc on the layout of your site :P

If you create a list of accepted tags, you wouldn't even need to clean them, because you already know that they're clean.
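The thread raises two separate concerns: escaping the value for the SQL query, and restricting which tags reach the page. As an added example (not code from any poster in the thread), the PHP below keeps an allow-list of tags, strips every attribute from them, and stores the result through a PDO prepared statement, used here in place of mysql_real_escape_string; the tag lists, the `posts` table and the in-memory SQLite database are assumptions.

```php
<?php
// Added example (not from the thread); tag lists, "posts" table and SQLite are assumptions.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'u', 'p', 'br', 'ul', 'ol', 'li', 'blockquote'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function clean_node(DOMNode $node): void
{
    foreach (iterator_to_array($node->childNodes) as $child) { // snapshot: the tree is mutated below
        if ($child instanceof DOMText) {
            continue; // text is entity-escaped again by saveHTML()
        }
        if (!($child instanceof DOMElement) || in_array($child->nodeName, DROP_WITH_CONTENT, true)) {
            $node->removeChild($child); // comments, script, style: dropped with their content
            continue;
        }
        clean_node($child); // sanitize descendants before deciding about this tag
        if (in_array($child->nodeName, ALLOWED_TAGS, true)) {
            while ($child->attributes->length > 0) { // no attribute survives (onclick, style, ...)
                $child->removeAttributeNode($child->attributes->item(0));
            }
        } else {
            while ($child->firstChild) { // unknown tag: keep its cleaned children, drop the tag
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
        }
    }
}

function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // malformed markup is expected input
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    clean_node($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed sample submission, stored through a prepared statement (no manual escaping).
$submitted = '<p onclick="alert(1)">Hi <b>there</b><script>alert(2)</script> <font color="red">again</font></p>';
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$pdo->prepare('INSERT INTO posts (body) VALUES (:body)')->execute([':body' => sanitize_html($submitted)]);
echo $pdo->query('SELECT body FROM posts')->fetchColumn(), "\n";
```

Running it requires PHP's dom and pdo_sqlite extensions.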