tsuby Posted July 1, 2013 Report Posted July 1, 2013 Incerc sa adaug un text in baza de date. Nu am inca BBCode, dar vreau sa adaug in viitor.Care e cea mai buna cale pentru a filtra textul primit, care m-ar lasa sa folosesc (orice fel de?) caractere speciale si sa fie totusi sigur? Quote
yoyois Posted July 1, 2013 Report Posted July 1, 2013 Introduci cu:$text = stripslashes($text);$text= mysql_real_escape_string($text);$query= "Insert ... ($text)";extragi cu:$query="Select ...";...$text=$result;$text = stripslashes($text);echo ($text); Quote
phreak Posted July 1, 2013 Report Posted July 1, 2013 php - Why is using a mysql prepared statement more secure than using the common escape functions? - Stack Overflow Quote