TecTaoMC
asked on
Confusion on useing Escape Special Characters
It started when I was finding that data was not being put into fields of a mysql database. Some information was being passed in text fields, text boxes from a rich text editor and others was not getting inserted. On occasion, an entire form would not inserted.
In the refresh page I was using the standard $data=$_POST['data' ];
In reading I learned that some data with special characters was causing the data entry problem. In my reading I discovered there were a number of way to approach it. But now I'm confused as to which is best to use and why. Any quick overview would be helpful. These are the what I'm confused over:
$data=mysql_real_escape_st ring($_POS T['data']) ;
$data=mysqli_real_escape_s tring($_PO ST['data'] );
$data=addslashes(htmlspeci alchars($_ POST['data ']));
Thank you for any clarification.
In the refresh page I was using the standard $data=$_POST['data' ];
In reading I learned that some data with special characters was causing the data entry problem. In my reading I discovered there were a number of way to approach it. But now I'm confused as to which is best to use and why. Any quick overview would be helpful. These are the what I'm confused over:
$data=mysql_real_escape_st
$data=mysqli_real_escape_s
$data=addslashes(htmlspeci
Thank you for any clarification.
ASKER
Thank you Kevin,
That clarifies things.
I do use on occasion a php rich text editor that will add html characters such as <b> </b> , <i> </i>, paragraph tags, header tags and even font styles, size, color to text as it is added to the database.
Is is recommended to still use mysql_escape_string in this case or would the addslashes(htmlspecialchar s) be best ?
That clarifies things.
I do use on occasion a php rich text editor that will add html characters such as <b> </b> , <i> </i>, paragraph tags, header tags and even font styles, size, color to text as it is added to the database.
Is is recommended to still use mysql_escape_string in this case or would the addslashes(htmlspecialchar
mysql_escape_string would be the best.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
mysqli_real_escape_string is only used if you prefer to use the mysqli class. There is no reason for you to use it if you're just starting out.
addslashes(htmlspecialchar
mysql_real_escape_string is designed with mysql in mind, and thus handles a greater variety of circumstances.