Can someone please explain to me in detail what is the best way to set up a script when getting data from a user from a form that is then going to be submitted into a MySQL database. I have read as much as I can find and I get about 95% of it but it seems to be different in different articles I read. I want to know what is the best way.
Should I leave magic quotes on? Do I turn them off and use addslashes?
What about htmlspecialchars? Should I also do that to every variable the user inputs?
This is a function I wrote for filtering the text with addslashes but I think I should remove it if magic quotes is on... correct?
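function filter_text($var)
{
    $var = trim($var);              // strip leading/trailing whitespace
    $var = htmlspecialchars($var);  // encode HTML special characters
    $var = addslashes($var);        // backslash-escape quotes
    return $var;
}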
What about getting the data back out of the database? If magic quotes is on do I do nothing or do I have to stripslashes?
Please help straighten this out for me. If you have a function you use for filtering text can you please post the code or tell me what I should do with mine.
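
One way to handle the three steps asked about above (taking the input, storing it, getting it back out), as an added example that is not part of the original post: input is only trimmed, the query uses bound placeholders instead of addslashes, and htmlspecialchars is applied at output time rather than before storage. It assumes magic quotes are off (the feature was removed in PHP 5.4) and uses the PDO SQLite driver so it runs without a server; the table and function names are hypothetical.

```php
<?php
// Added example: constructed input, hypothetical table and function names.
// Assumes the PDO SQLite driver so it runs offline; with MySQL only the DSN
// changes, e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Input side: normalise only. No addslashes(), no htmlspecialchars().
function clean_input(string $value): string
{
    return trim($value);
}

// Storage: placeholders keep the data separate from the SQL text.
function save_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => clean_input($author), ':body' => clean_input($body)]);
    return (int) $pdo->lastInsertId();
}

// Retrieval: the stored value is what was submitted, so no stripslashes().
function load_comment(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Output side: escape for the context the value is written into (here, HTML).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed form input containing a quote and markup.
$id  = save_comment($pdo, "  O'Brien ", "It's <b>bold</b> & \"quoted\"  ");
$row = load_comment($pdo, $id);

var_dump($row['author'] === "O'Brien");   // compares stored value with the trimmed input
echo '<p>', h($row['author']), ': ', h($row['body']), "</p>\n";
```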