题
I am trying to read in text from a text box and store it into my database. Security of my database is at first priority and special characters are second. At the moment users can use basic special characters (!@#...ect) but not greater than or less than(<>) or (☺☻♥).
This is what the code looks like at the moment.
https://stackoverflow.com/questions/15441601
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian$temp = $tableName.".".$fieldName." = '".mysql_real_escape_string(strip_tags($fieldValue))."'";
when I put in < or > i receive blanks in my database.
and
when I put in ☺ or ☻ i receive ? as an input.
Any input on this would be nice. Thank you.
解决方案 2
when I put in '<' or '>' i receive blanks in my database.
That's what the strip_tags method does
and when I put in '☺' or '☻' i receive '?' as an input.
That's an encoding problem.
As for
Security of my database is at first priority
I suggest you migrate your code to prepared statements (mysqli or pdo).
其他提示
It is not related to database, it is related to strip_tags() function which strips HTML and PHP tags from a string
Use htmlentities or htmlspecialchars instead of strip tags. Strip tags removes any HTML tags from the string. The two functions I mentioned convert the HTML tags into html entities (a textual representation of that character eg <) which means they can be outputted on a page as text and not be parsed as HTML by the browser.
Thank you guys for your help. I found the issue. The code that I am editing was changing the special character code from '&' to %HEX for database reasons.
