Correct sequence of actions when using Markdown & MySQL?

Posted by Andrew Heath on Stack Overflow See other posts from Stack Overflow or by Andrew Heath
Published on 2010-05-04T10:09:51Z Indexed on 2010/05/04 10:28 UTC
Read the original article Hit count: 306

Filed under:

mysql

|

sanitization

|

markdown

|

php

I want my users to be able to write an article in Markdown, have it stored in the MySQL database (with the option to edit it in the future), and displayed for other users.

In practice, this is my understanding of how it works:

INPUT

user input via HTML form using Markdown syntax
$queryInput = mysql_real_escape_string($userInput);
insert sanitized string into database

OUTPUT

query field from database
$output = Markdown($queryResult);
display $output

Is that it?

Does PHP Markdown preclude the need for htmlspecialchars or Pure HTML ?

Thanks!

© Stack Overflow or respective owner

Related posts about mysql

How to remove MySQL completely with config and library files on ubuntu 12.04 gnome 3.0

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I tried everything till now: sudo apt-get remove mysql-server mysql-client mysql-common sudo apt-get purge mysql-server mysql-client mysql-common sudo apt-get autoremove and even more commands... But whenever I am trying to locate mysql. I get a no. of files related to mysql command: shell>>… >>> More
mysql: Cannot load from mysql.proc. The table is probably corrupted

as seen on Server Fault - Search for 'Server Fault'
Mysql was started: /usr/bin/mysqld_safe --datadir=/srv/mysql/myDB --log-error=/srv/mysql/logs/mysqld-myDB.log --pid-file=/srv/mysql/pids/mysqld-myDB.pid --user=mysql --socket=/srv/mysql/sockets/mysql-myDB.sock --port=3700 but when I'm trying to do something: ERROR 1548 (HY000) at line 1: Cannot… >>> More
Why is there a /etc/init.d/mysql file on this Slackware machine? How could it have gotten there?

as seen on Server Fault - Search for 'Server Fault'
A client of my IT-consulting service owns a web-development shop. He's been having problems with a Slackware 12.0 server running MySQL 5.0.67. The machine was set up by the client's sysadmin, who left on bad terms. My client no longer employs a sysadmin. As far as I can tell, the only copy of MySQL… >>> More
mysql: Bind on unix socket: Permission denied

as seen on Server Fault - Search for 'Server Fault'
Can't start mysql with: sudo /usr/bin/mysqld_safe --datadir=/srv/mysql/myDB --log-error=/srv/mysql/logs/mysqld-myDB.log --pid-file=/srv/mysql/pids/mysqld-myDB.pid --user=mysql --socket=/srv/mysql/sockets/mysql-myDB.sock --port=3700 120222 13:40:48 mysqld_safe Starting mysqld daemon with databases… >>> More
MySQL – Learning MySQL Online in 6 Hours – MySQL Fundamentals in 320 Minutes

as seen on SQL Authority - Search for 'SQL Authority'
MySQL is one of the most popular database language and I have been recently working with it a lot. Data have no barrier and every database have their own place. I have been working with MySQL for quite a while and just like SQL Server, I often find lots of people asking me if I have a tutorial which… >>> More

Related posts about sanitization

Skip sanitization for videos in html5lib

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using a wmd-editor in django, much like this one in which I am typing. I would like to allow the users to embed videos in it. For that I am using the Markdown video extension here. The problem is that I am also sanitizing user input using html5lib sanitization and it doesn't allow object tags… >>> More
Is there a PHP library that performs MySQL Data Validation and Sanitization According to Column Type

as seen on Stack Overflow - Search for 'Stack Overflow'
Do you know of any open source library or framework that can perform some basic validation and escaping functionality for a MySQL Db. i envisage something along the lines of: //give it something to perform the quote() quoteInto() methods $lib->setSanitizor($MyZend_DBAdaptor); //tell it structure… >>> More
PHP preg_replace() pattern, string sanitization.

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a regex email pattern and would like to strip all but pattern-matched characters from the string, in a short I want to sanitize string... I'm not a regex guru, so what I'm missing in regex? <?php $pattern = "/^([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*[\w\!\#$\%\&\'\*\+\-\/\=\… >>> More
Explanation of this SQL sanitization code

as seen on Stack Overflow - Search for 'Stack Overflow'
I got this from for a login form tutorial: function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } Could some one explain exactly what this does? I know that the… >>> More
Are these two functions overkill for sanitization?

as seen on Stack Overflow - Search for 'Stack Overflow'
function sanitizeString($var) { $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var; } function sanitizeMySQL($var) { $var = mysql_real_escape_string($var); $var = sanitizeString($var); return $var; } I got these two functions from… >>> More