How to preserve hyperlink when submitting via php form into MySQL
Question
I've created a form that stores free text fields into a MySQL database.
All works fine and the data is displayed back as intended when viewed. Except for one niggle.
In an attempt to prevent malicious attacks I have used mysql_real_escape_string to remove any unwanted code from the input.
However, I need to be able to preserve hyperlinks and basic html.
For example, I want to store the following:
<p align="left">Please follow this <a href="link.html">link</a></p>
But the link is being stored as \"link.html\" as the quotes are being escaped.
How can I preserve this link and other html?
Many thank
TT
Solution
You can use the PHP function stripslashes to remove the escaping slashes from the quotes:
echo stripslashes($textos);
OTHER TIPS
This looks like you quote string twice. Did you turn off magic_quotes_gpc
in your php.ini?
That's not mysql_real_escape_string() doing that - I suspect it's actually magic quotes
Using PHP5, the best way is to use prepared statements with the PDO extension - this handles everything for you.