Hi all, I have a script that submits some text into a field, which is then displayed to the public. I need to make this safe, so I need to add the PHP htmlentities function to the script. Here is my script -

<?php
// Truncate the raw input before escaping, so the 300-character cut
// cannot split an escape sequence and leave a dangling backslash.
mysql_query("
    UPDATE members
    SET quote = '" . mysql_real_escape_string(substr($_POST['quote'], 0, 300)) . "'
    WHERE username = '" . mysql_real_escape_string($ses_username) . "'
") OR die(mysql_error());
$updated = true;
?>

Where do I put the PHP htmlentities function?
You don't need it IN the database. Text in HTML entities takes a little bit more space than the same as normal text, and there's generally no reason to do so, because it's harmless inside your database. You should filter the text when you're outputting it to the user, because THAT is when it can be dangerous. Have a look at the manual page for examples on how to use it. www.php.net/htmlentities
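
The approach described in the reply above, as an added example that is not part of the original thread: the quote is stored as raw text and passed through htmlentities only when it is written into the page. Assumptions: an in-memory SQLite database via PDO stands in for the MySQL members table, the mbstring extension is available, and save_quote() and render_quote() are hypothetical helper names.

```php
<?php
// Added example: store the raw quote, escape it only when rendering HTML.
// Assumption: an in-memory SQLite database via PDO stands in for the MySQL
// "members" table; save_quote() and render_quote() are hypothetical helpers.

function save_quote(PDO $db, string $username, string $quote): void
{
    // Truncate the raw text first, then let the prepared statement handle
    // SQL quoting. No HTML encoding happens on the way into the database.
    $quote = mb_substr($quote, 0, 300, 'UTF-8');
    $stmt = $db->prepare('UPDATE members SET quote = :quote WHERE username = :username');
    $stmt->execute([':quote' => $quote, ':username' => $username]);
}

function render_quote(PDO $db, string $username): string
{
    $stmt = $db->prepare('SELECT quote FROM members WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $quote = (string) $stmt->fetchColumn();
    // Encode at output time, for the HTML context the value is placed in.
    // ENT_QUOTES covers both quote characters; the charset is set explicitly.
    return '<p class="quote">' . htmlentities($quote, ENT_QUOTES, 'UTF-8') . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, quote TEXT)');
$db->exec("INSERT INTO members (username, quote) VALUES ('alice', '')");

// Constructed sample input containing markup and both quote characters.
$submitted = '<script>alert("x")</script> it\'s "fine" & safe';
save_quote($db, 'alice', $submitted);

// The database holds the text exactly as submitted...
$stored = $db->query("SELECT quote FROM members WHERE username = 'alice'")->fetchColumn();
var_dump($stored === $submitted);

// ...and the page receives only the encoded form.
echo render_quote($db, 'alice'), PHP_EOL;
```

Encoding on the way in as well as on the way out would double-encode the text, so visitors would see literal `&amp;lt;` sequences instead of the characters that were typed.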