Decoding mysql_real_escape_string() for outputting HTML
Posted
by Peter
on Stack Overflow
See other posts from Stack Overflow
or by Peter
Published on 2010-04-04T02:17:34Z
Indexed on
2010/04/04
2:23 UTC
Read the original article
Hit count: 266
I'm trying to protect myself from sql injection and am using:
mysql_real_escape_string($string);
When posting HTML it looks something like this:
<span class="\"className\"">
<p class="\"pClass\"" id="\"pId\""></p>
</span>
I'm not sure how many other variations real_escape_string adds so don't want to just replace a few and miss others... How do I "decode" this back into correctly formatted HTML, with something like:
html_entity_decode(stripslashes($string));
© Stack Overflow or respective owner