Hello, please check: http://beta.cmela.com/pro_view.php?pid=59 In the Product Description you will see slashes. I used stripslashes but still no luck. I have another idea of using the htmlspecialchars function, like:
```php
$new = htmlspecialchars('15.5" color TV/Free Shipping', ENT_QUOTES);
```
Basically my requirement is to be able to allow the user to put the following characters, like single quote, double quote, slashes (' " / \), in the db, but no hacking or SQL injection should occur. I just want to submit everything to the database and get it back, but without having any SQL injection problem. Any help? Thank you.
I think the problem is that you use more addslashes() than stripslashes(). This can be caused by using addslashes() explicitly even when magic quotes are on. Use function get_magic_quotes_gpc() and function get_magic_quotes_runtime() to check this.
Hi dizyn, One of the simplest solutions might be to use prepared statements as one of their primary benefits is in reducing the risk of injection attacks and largely removing the need to 'check' the text entered into a db. If you've got double and single quotes being used at will you'll still have to work out some way of getting a meaningful string to the statement but that shouldn't be hard. Jon
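An added example, not code from any of the posts above: the prepared-statement approach suggested in the last reply, storing text with quotes and slashes unchanged and escaping it only when it is written into HTML. It assumes PHP with the pdo_sqlite extension; the in-memory database, the `products` table, the `description` column and the sample strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite database stands in for the real one;
// the table `products` and column `description` are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (pid INTEGER PRIMARY KEY, description TEXT NOT NULL)');

// Constructed sample input: quotes, slashes, and a string shaped like an injection attempt.
$samples = [
    '15.5" color TV/Free Shipping',
    "O'Reilly's \"best\" deal \\ path C:\\tv",
    "x'); DROP TABLE products; --",
];

// Values are bound as parameters, never concatenated into the SQL text,
// so no addslashes()/stripslashes() is applied at any point.
$insert = $pdo->prepare('INSERT INTO products (description) VALUES (:description)');
$select = $pdo->prepare('SELECT description FROM products WHERE pid = :pid');

foreach ($samples as $text) {
    $insert->execute([':description' => $text]);
    $pid = (int) $pdo->lastInsertId();

    $select->execute([':pid' => $pid]);
    $stored = $select->fetchColumn();
    $select->closeCursor();

    // The stored value must be byte-for-byte what was submitted.
    if ($stored !== $text) {
        throw new RuntimeException("Round trip changed the value for pid $pid");
    }

    // Escape only when writing into HTML, not before storing.
    echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}

// The injection-shaped string was stored as data; the table still exists.
$count = (int) $pdo->query('SELECT COUNT(*) FROM products')->fetchColumn();
echo "rows stored: $count", PHP_EOL;
```

If input arrives already escaped by magic quotes, binding it this way stores the extra backslashes as data, so that setting still has to be checked as the second post describes.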