1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 4:20 am May 22, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Special HTML chars rocking me!

         

YamahaR1

6:29 am on Mar 18, 2005 (gmt 0)

10+ Year Member



Here is what I have.

$body=$_POST['body'];
$body = str_replace ( '\"', '"', $body );

And its NOT removing the quotes! The user is placing QUOTES inside the body text, and its blowing away my MySQL string, by putting quotes in there.

I tried htmlspecialchars, ENT_QUOTES, and htmlentities, and then doing it manually like above.

When I display the result string? Its the SAME. Quotes are still there, and still no query. Why?

jorj

7:02 am on Mar 18, 2005 (gmt 0)

10+ Year Member



addslashes() is what you want. htmlspecial function is for avoiding tags into the output text.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 4:20 am May 22, 2026