Pregunta

I have the simple need of allowing users to enter an apostrophe into various fields that will be saved to a MySQL table via PHP. When a user looks at this information, I would like it to be echoed out without a /. What is the best way to handle this. Below are my ideas:

  • set stripslashes when echoing out content
  • Convert the apostrophe to "'" back and forth

I am also running mysql_real_escape_string and htmlspecialchars on the posted data. Is there a standardized way of handling this? Thank you!

¿Fue útil?

Solución

You may use addslashes() for entering apostrophe and as you have already said use stripslashes() for echoing. Use addslashes() only if you want to add apostrophes for more escaping functions used mysql_real_escape_string

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top