Hi Donovan, One of the things that I found really helpful was to use PDO for the database connections. Whilst it's a little different than using the mysql_query () functions, the way that it escapes strings in and out of the database automatically turned into a real godsend. There's a little tutorial and guide at http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html which shows you how it all works and was quite helpful for me. Andrew -----Original Message----- From: Donovan Brooke [mailto:lists@xxxxxxx] Sent: 28 January 2011 18:40 To: php-db@xxxxxxxxxxxxx Subject: stripslashes ( encodings to from MySQL ) Hello, I use mysql_real_escape_string() to escape data for db population. ie. ..form.. <textarea><?PHP stripslashes($dbvar); ?></textarea> ..recieving form input before db update.. $var =mysql_real_escape_string($var); My question is regarding when wanting to allow HTML within a database... Will stripslashes also take out the slashes from something like this?: <span style="color:red;">some text</span> That would effectively negated the ability to use HTML/CSS in your db. If so, how do you get around this with safe data entry? TIA, Donovan -- D Brooke -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
