1

Well, I want to know some tips about PHP and MySQL.

When I get data from user then I use the following validation:

mysql_real_escape_string()
or
htmlentities()
or
trim()

Is it a secure way to get data from the user?

And what is the best way to retrieve data from a MySQL database? I used nl2br(), but if I submit "I'm here" then it shows "I\'m here". It should be showing "I'm here". I don't know what the correct method is.

5
  • Neither of these functions does validation. And whether it’s safe to use the output of these functions depends on how you use those values. So how do you use these functions? Commented Feb 5, 2012 at 16:43
  • 2
    Switch to PDO and please please please turn off magic quotes for the better of humanity. Commented Feb 5, 2012 at 16:44
  • @PeeHaa Thanks for this idea. But I think it's already OFF from PHP 5.0. Is it? Commented Feb 5, 2012 at 16:45
  • @user1161867: No. Well, at least I had to turn it off manually on my installation. That was PHP 5.2.17 on Windows. Commented Feb 5, 2012 at 16:46
  • Refer to stackoverflow.com/questions/60174/… Commented Feb 5, 2012 at 16:48

1 Answer

1

When inserting data into a database, you'll use mysql_real_escape_string; not htmlentities. Or even better, MySQLi - or even better, PDO.

When you're outputting data from the database that might not be secure, you'll probably use htmlentities then.

To stop the slashes, turn magic quotes off.


3 Comments

Thanks @minitech. So htmlentities is secure? Any other method?
@user1161867: Yes, it's secure for HTML output. Just remember to use it. Oh, and there's also htmlspecialchars.
@user1161867: You can mix them, but it's good to be consistent. And don't use both, things will break :)
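An added example, not code from the question or the answer above, showing the approach the answer recommends end to end: a PDO prepared statement for the INSERT (so nothing is escaped by hand and no backslash ever reaches the table), and htmlspecialchars applied at output time, before nl2br. The DSN, credentials, the `messages` table and its `id`/`body` columns are assumptions made for this example; the `unquoteInput()` helper is hypothetical and only matters on old PHP where magic quotes could still be on.

```php
<?php
// Example code (not from the original post). Assumed DSN, credentials and schema.
$pdo = new PDO(
    'mysql:host=localhost;dbname=example;charset=utf8mb4', // assumed DSN
    'dbuser',                                              // assumed user
    'dbpass',                                              // assumed password
    array(
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    )
);

// Hypothetical helper: undo magic quotes on PHP < 5.4 where they may still be on.
// The function was removed in PHP 8, so guard with function_exists().
function unquoteInput($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// 1. Input: trim, nothing else. The prepared statement keeps the value
//    separate from the SQL text, so I'm here is stored exactly as typed.
$body = trim(unquoteInput(isset($_POST['body']) ? $_POST['body'] : ''));

if ($body !== '') {
    $insert = $pdo->prepare('INSERT INTO messages (body) VALUES (:body)');
    $insert->execute(array(':body' => $body));
}

// 2. Output: escape for HTML here, not before storing. nl2br runs on the
//    escaped string; the other order would turn its <br /> tags into text.
$select = $pdo->query('SELECT body FROM messages ORDER BY id DESC LIMIT 10');
foreach ($select as $row) {
    $safe = htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8');
    echo '<p>' . nl2br($safe) . '</p>';
}
```

With this flow the stored value for the question's input is the literal I'm here; on output htmlspecialchars emits I&#039;m here, which the browser renders as I'm here, so the stray backslash never appears. ENT_QUOTES matters because the value may end up inside a single-quoted attribute; htmlentities would also work, but as the comment above says, pick one and apply it only at output.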
