php - real_escape_string not cleaning up entered text -

-

i thought proper way "sanitize" incoming data html form before entering mysql database use real_escape_string on in php script, this: 

$newsstoryheadline = $_post['newsstoryheadline']; $newsstoryheadline = $mysqli->real_escape_string($newsstoryheadline); $storydate = $_post['storydate']; $storydate = $mysqli->real_escape_string($storydate); $storysource = $_post['storysource']; $storysource = $mysqli->real_escape_string($storysource); // etc.

and once that's done insert data db this:

$mysqli->query("insert newsstoriestable (headline, date, dateadded, source, storycopy) values ('".$newsstoryheadline."', '".$storydate."', '".$dateadded."', '".$storysource."', '".$storytext."')");

so thought doing take care of cleaning invisible "junk" characters may coming in submitted text.

however, pasted text copied web-page html form, clicked "submit" - ran above script , inserted text db - when read text back db, discovered piece of text did still have junk characters in it, such –.
, junk characters of course caused php script wrote retrieves information db crash.

so doing wrong?

is using real_escape_string not way go here? or should using in conjunction else? or, there should doing (like more escaping) when reading reading data out the mysql database?

(i should mention i'm objective-c developer, not php/mysql developer, i've unfortunately been given task db stuff - hence question...) thanks!

your assumption wrong. mysqli_real_escape_string’s intention escape characters resulting string can safely used in mysql string literal. that’s it, nothing more, nothing less.

the result should passed data retained, including ‘junk’. if don’t want ‘junk’ in database, need detect, validate, or filter before passing to mysql.

in case, ‘junk’ seems due different character encodings: input data seems encoded utf-8 while it’s later displayed using windows-1250. in scenario, character (u+2013) encoded 0xe28093 in utf-8 represent 3 characters â, , , in windows-1250. properly declaring document’s encoding fix this.


Comments

Post a Comment

Popular posts from this blog

css - Which browser returns the correct result for getBoundingClientRect of an SVG element? -

-
this svg contains rect overflows svg element: <svg id='svg' width='10' height='10'> <rect x='-10' y='-10' width='30' height='30'/> </svg> chrome 28 , opera 12 return getboundingclientrect() svg element width , height of 10. firefox 23 reports width , height of 30. correct? jsfiddle the relevant spec cssom , delegates svg spec if svg element not "have associated css layout box". haven't found definition of "having associated css layout box", correct result seem hinge on definition, getbbox returns 30x30 rect in browsers. this firefox bug fixed now, fix in firefox nightlies , should make through firefox 33 released on 14 october 2014. see bug 530985 details.
Read more

gcc - Calling fftR4() in c from assembly -

-
i trying asm fft implementation www.embeddedsignals.com work. running make gives error: undefined reference fftr4(short*, short*, int) at top of asm have .syntax unified .thumb .global fftr4 .type fftr4, %function and there #define's associate c functions arguments registers followed macros fftr4 function uses. after that, fftr4 called .thumb_func fftr4: stmfd sp!, {r4-r11, lr} mov tmp0, #0 // bit reversed counter mov tmp1, #0 .word 0xf3a2fa92 //rbit r3,r2 //rbit r,n lsl r,#3 and c code follows: void fftr4(short *y, short *x, int n); short x[512]; short y[512]; int i; void loop() { (i=0;i<512;i++) x[i]=0; (i=0;i<512;i=i+8) { x[i+0]=16384; x[i+2]=16384; x[i+4]=-16384; x[i+6]=-16384;} fftr4(y, x, 256); serialusb.println(y[128]); serialusb.println(y[129]); serialusb.println(y[384]); serialusb.println(y[385]); // expected results: //y[128]is 8191; y[129] -8190 y[
Read more

Function that returns a formatted array in VBA -

-
i have function prints excel data text file in array format following: [ ['id', 'label', 'longitude', 'latitude', 'country', 'region', 'ttl_wt_flw_thru', 'sum-of-bol-wt', 'count of wdr_ref', 'ratio'], ['aeauh', 'abu dhabi, united arab emirates', 54.3666667, 24.4666667, 'ae', 'eame', 66, 30, 8432, 281.066666666667], ['aedxb', 'dubai, united arab emirates', 55.307485, 25.271139, 'ae', 'eame', 682, 3, 8369, 2789.66666666667] ] my code writing array is: function fillsourcearray() dim long, j long, s string dim lastrow double dim s1 string 'opens file filepath = filepath & "dataarray" & ".txt" open filepath output #1 'read source data dataarray = sheets("nodes").cells(1).currentregion.value 'determine lastrow lastrow = sheets("nodes").range
Read more