I have been facing a problem with data input through a text editor (the same problem occurs with most open-source text editors). I have to insert content into a MySQL database, and the content is output in HTML format. I use both htmlspecialchars() and mysql_real_escape_string() to provide security at the time of data input. I have seen that if there is a " or ' in the content, the content can't be inserted; otherwise it is OK. The same code sometimes works perfectly on a different server.

I generally use something like

    $x = htmlspecialchars($_REQUEST['content']);

or

    $x = mysql_real_escape_string($_REQUEST['content']);

or

    $x = htmlspecialchars(mysql_real_escape_string($_REQUEST['content']));

My question: is the problem server related, since sometimes I don't get any error on some servers and never on localhost?

When I get the output in HTML format, I always find some junk data like 'rn', and it can never render the ' and " signs. In the HTML I always find some other things like <br>, the URL or link always changes, and there are some % signs also. Please help.
I don't see why you are getting the " or ' problem when you are escaping. That must be something with your server.

For the "rn" characters, it's not junk, it's \r\n characters stripslashed. You can solve the rn problem by running this code before stripslashing:

    // $code = the content fetched from MySQL
    $code = str_replace('\r\n', "\r\n", $code);  // literal backslash-r backslash-n becomes a real CRLF
    $code = stripslashes($code);

Note the use of the ' and " signs in that str_replace.

Thanks
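
An added example, not part of either post: it reproduces the "rn" symptom discussed above and then stores the same content through a bound parameter, where no manual escaping or stripslashes() is involved. Assumptions: `emulate_mysql_escape()` is a hypothetical helper that mimics the characters mysql_real_escape_string() escapes, the `pages` table is made up, and in-memory SQLite via PDO stands in for MySQL so the script runs offline.

```php
<?php
// Constructed sample: editor output with both quote types, a CRLF and a % sign.
$content = "<p class=\"note\">It's a \"test\"</p>\r\n<p>50% done</p>";

// Hypothetical helper: mimics the character set mysql_real_escape_string()
// escapes, so the effect can be shown without a MySQL connection.
function emulate_mysql_escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// 1. The "rn" symptom: escaped text that ends up stored literally (for
//    example because it was escaped twice) and is then run through
//    stripslashes(), which drops the backslashes and leaves "rn" behind.
$escaped = emulate_mysql_escape($content);
$broken  = stripslashes($escaped);
var_dump(strpos($broken, "</p>rn<p>") !== false);

// 2. Bound parameters: the driver keeps data separate from the SQL text,
//    so quotes and CRLF are stored and returned unchanged.
$pdo = new PDO('sqlite::memory:'); // stand-in for the MySQL server (assumption)
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, content TEXT)');

$stmt = $pdo->prepare('INSERT INTO pages (content) VALUES (:content)');
$stmt->execute([':content' => $content]);

$stored = $pdo->query('SELECT content FROM pages WHERE id = 1')->fetchColumn();
var_dump($stored === $content);

// 3. htmlspecialchars() is an output-time encoder: apply it where the value
//    must be displayed as text, not before the value is written to the database.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Both var_dump() calls report true: the first confirms the stripslashes() path produces the stray "rn", the second that the bound-parameter round trip returns the content byte for byte.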