
What is the correct function to use when saving HTML data to a MySQL database?

I know this is a rather basic question, but what is the correct function to use against form input fields when HTML is inserted into a MySQL database? (mysql_real_escape_string, htmlentities, etc.)

Also, which function should be used when printing the value from the database in a text field, html page, etc.?


Use mysql_real_escape_string() when inserting in the database, and htmlspecialchars() before printing.


If you use PDO and prepared statements, you don't have to worry that much about the data you are inserting in the database.

About the output, it depends on what you need: If it's for real HTML output, you cannot use htmlentities as the output will not be HTML anymore.
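
The two steps discussed in the answers above, storing with a prepared statement and escaping at print time, as an added example that is not part of the original posts. It assumes an in-memory SQLite database through PDO in place of MySQL so that it runs offline; the table name `posts`, the helper `e()` and the sample input are constructed for illustration.

```php
<?php
// Assumption: SQLite in memory stands in for MySQL. For MySQL only the DSN
// and credentials passed to the PDO constructor change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: HTML with both quote styles and a script tag.
$input = '<p class="x">It\'s "quoted"</p><script>alert(1)</script>';

// Storage: bind the raw value. No escaping function touches the data;
// the placeholder keeps it out of the SQL text entirely.
$insert = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
$insert->execute([':body' => $input]);
$id = (int) $pdo->lastInsertId();

$select = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
$select->execute([':id' => $id]);
$stored = $select->fetchColumn();

// The database hands back exactly what was submitted.
if ($stored !== $input) {
    throw new RuntimeException('stored value differs from input');
}

// Output: escape for the HTML context at print time, not at insert time.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ', which matters inside attributes.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Text field (attribute context): the value cannot close the attribute.
echo '<input type="text" name="body" value="' . e($stored) . '">' . PHP_EOL;

// Page text: the markup is displayed as literal characters, not rendered.
echo '<div>' . e($stored) . '</div>' . PHP_EOL;

// Rendering the stored value as real markup means printing it unescaped,
// so that case needs an allow-list HTML sanitizer instead of e().
```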
