views:

31

answers:

1

I've tried addslashes, mysql_escape_string, and mysql_real_escape_string. None of them are working and I'm not sure what else to try.

A: 

addslashes(), mysql_escape_string() and mysql_real_escape_string() only escape quotes to prevent SQL injection. Ex:

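<?php
// Needs an open connection from the legacy mysql extension (mysql_connect()).
$string = 'He said, "Do not quote me!"';
// The function returns the escaped copy, so assign the result.
$string = mysql_real_escape_string($string);
// $string becomes: 'He said, \"Do not quote me!\"'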

I'm guessing your problem lies with the less than (<) and greater than symbols (>).

If you're trying to select the rows, then display the HTML for rendering, then you'll be fine just echoing out the raw HTML (minus any XSS security issue). But if you're trying to display the HTML in an input box in a form, then you need to replace the literal < and > symbols with their entity equivalents (&lt; and &gt;).

Jason
Here is a db entry now so you can see the issue I'm having here. It's not related to greater than or less than at all. <p> Hey,</p><p> How's it goin? I've got a couple properties lined up for you. When can we go look?</p>
Refiking
Notice the " Â " value
Refiking
Is that what's being inserted into the database or what you get back when you select the row? Also, it looks like those symbols correlate to newline characters? On the page/form that submits this data, is it set to UTF8 (at the top of the HTML doctype)? And is the database set to accept that character set? Or is it set to Latin-1 or something?
Jason
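
Added example, not part of the original posts: it shows the two separate concerns raised in this thread, entity-encoding stored HTML before placing it in a form field, and how a charset mismatch of the kind the last comment asks about turns a UTF-8 non-breaking space into "Â". The function names and sample strings are constructed for illustration, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example; names and sample data are hypothetical/constructed.

// Encode text for an HTML attribute such as <input value="...">.
// SQL escaping functions do not touch < or >; this is a separate step
// applied at output time, with the charset stated explicitly.
function field_value(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Reproduce the mismatch: UTF-8 bytes are decoded as if they were Latin-1
// and then re-encoded as UTF-8. Each byte >= 0x80 becomes its own character,
// so the lead byte C2 of a non-breaking space shows up as U+00C2 ("Â").
function misread_as_latin1(string $utf8Bytes): string
{
    return mb_convert_encoding($utf8Bytes, 'UTF-8', 'ISO-8859-1');
}

// Reject input that is not valid UTF-8 before it reaches the database,
// so a mismatch is caught at the boundary instead of in stored rows.
function is_clean_utf8(string $input): bool
{
    return mb_check_encoding($input, 'UTF-8');
}

// Constructed sample: a paragraph that starts with U+00A0 (bytes C2 A0),
// as many rich-text editors emit.
$stored = "<p>\u{00A0}Hey,</p>";

// 1. Safe to drop into a form field: quotes and angle brackets are entities.
echo '<input type="text" name="body" value="', field_value($stored), '">', "\n";

// 2. Compare the bytes before and after the simulated mismatch.
$garbled = misread_as_latin1($stored);
echo 'original: ', bin2hex($stored), "\n";
echo 'garbled:  ', bin2hex($garbled), "\n";
echo 'contains U+00C2: ', var_export(strpos($garbled, "\u{00C2}") !== false, true), "\n";

// 3. Boundary check on a valid string and on a lone Latin-1 byte.
echo 'valid UTF-8 sample:   ', var_export(is_clean_utf8($stored), true), "\n";
echo 'raw Latin-1 byte A0:  ', var_export(is_clean_utf8("\xA0Hey"), true), "\n";
```

If the garbled form appears only on display and not in the stored bytes, the mismatch is between the connection or page charset and the data, not in the data itself.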