Hi All,

I've created a form that stores free text fields into a MySQL database.

All works fine and the data is displayed back as intended when viewed. Except for one niggle.

In an attempt to prevent malicious attacks I have used mysql_real_escape_string to remove any unwanted code from the input.

However, I need to be able to preserve hyperlinks and basic html.

For example, I want to store the following:

<p align="left">Please follow this <a href="link.html">link</a></p>

But the link is being stored as \"link.html\" as the quotes are being escaped.

How can I preserve this link and other html?

Many thanks

TT

+2  A: 

This looks like you are quoting the string twice. Did you turn off magic_quotes_gpc in your php.ini?

Ivan Nevostruev
+1  A: 

That's not mysql_real_escape_string() doing that - I suspect it's actually magic quotes.

Peter Bailey
A: 

You can use the PHP function stripslashes to remove the escaping slashes from the quotes:

echo stripslashes($textos);
mrinject
This did the trick. Knew it would be simple. Thanks for your help.
TheTub
Whilst that works, the *real* solution is to turn off magic_quotes_gpc in your php.ini.
staticsan
A: 

Using PHP5, the best way is to use prepared statements with the PDO extension - this handles everything for you.

Pete
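
Added example (not part of the original thread): the prepared-statement approach from the last answer, shown next to the double-escaping effect described in the earlier answers. It assumes an in-memory SQLite database standing in for MySQL, hypothetical table and function names, and uses addslashes() to simulate what magic_quotes_gpc did to request data.

```php
<?php
// Assumption: SQLite in memory replaces the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: the HTML from the question.
$html = '<p align="left">Please follow this <a href="link.html">link</a></p>';

// Hypothetical helper: store a value through a bound parameter.
function saveNote(PDO $pdo, $body)
{
    // The driver keeps data separate from the SQL text; no manual escaping.
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: read the stored value back.
function loadNote(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Case 1: raw input bound directly. The quotes survive the round trip.
$clean = loadNote($pdo, saveNote($pdo, $html));

// Case 2: input that was already slash-escaped before it reached the query,
// as happens with magic_quotes_gpc on. The backslashes are stored as data.
$mangled = loadNote($pdo, saveNote($pdo, addslashes($html)));

var_dump($clean === $html);                  // stored value equals the input?
var_dump($mangled === $html);                // pre-escaped value equals the input?
var_dump(stripslashes($mangled) === $html);  // stripslashes() undoes the extra layer?
echo $mangled, PHP_EOL;                      // shows the stored backslashes
```

The comparison makes the cause visible: the database layer stores exactly what it is given, so the stray backslashes come from escaping applied before the query, not from the query itself.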