15-Oct-2019 14:36

So I've used entities ENT_QUOTES instead of htmlspecialchars. First the mysql_real_escape_string(), which causes a \ in my old MySQL version, then ENT_QUOTES to convert " to &quot; and ' to &#039;:- The database still shows the \" and \' but the web page shows " and ', which is what I want; but my newer MySQL version in Wamp Server doesn't show the \ in the database.

Having used 'OR 1' in submitting the form, I notice that it is still displayed as 'OR 1' in the database, so I'm still trying to work out whether the escape string has done what it should. I thought it was supposed to show as \'OR 1\' in the database, but perhaps it will work if I use the field in code like SELECT FROM into an input and tried to add a new record, I'd get an error saying my SQL query was malformed (caused by the text I entered into the input). With the mysql_real_escape_string() in place, I can enter that same text in the input and it automatically escapes it and I get no errors.

It was all set up and working before I saw this topic and tried adding mysql_real_escape_string(). My code structure is totally different from yours.

If all " and ' are converted to &quot; and &#039; before entering the database, why is there a need for mysql_real_escape_string() if htmlspecialchars or ENT_QUOTES is used? Google has lots of posts that mysql_real_escape_string() is not as good as it makes out to be, and in my case it would stop the \ if I just relied on htmlspecialchars like you did originally, or ENT_QUOTES to convert ' as well as "? The up-to-date MySQL seems to give no problems; the above is just for my old MySQL version.

I've now got clumsy code where the first part of the PHP code before the mysql_connect takes the form data:- So it works with text and names which have ' and presumably has the injection protection, and I expect I can make the code a bit simpler.

As I can't get my host to update my MySQL today, I've looked for an alternative.
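The confusion in the post comes from mixing two different escapings: one for the SQL parser (what mysql_real_escape_string() did) and one for the browser (htmlspecialchars() / ENT_QUOTES). The backslash that SQL escaping adds is consumed when the server parses the statement, so a correctly escaped value is stored without any backslash; a \' in the table means the text was escaped twice. The example below is added here and is not code from the original post or the forum it came from. It uses PDO with an in-memory SQLite database so it runs without a server (the table name, column and input string are constructed for the example); the same pattern applies to a MySQL DSN. It shows a bound parameter storing the quote characters exactly as typed, HTML escaping applied only at display time, and the "malformed query" error that string concatenation produces.

```php
<?php
// Added example, not from the original post. Runs with PHP's pdo_sqlite
// extension; swap the DSN for 'mysql:host=...;dbname=...' to use MySQL.

// Constructed input resembling what the poster typed into the form.
$userInput = "O'Neil said \"hi\" 'OR 1";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE names (id INTEGER PRIMARY KEY, name TEXT)');

// 1. Storing: bind the value as a parameter. The driver sends the data
//    separately from the SQL text, so no escaping function is needed and
//    the quotes are stored exactly as typed, with no backslashes.
$insert = $db->prepare('INSERT INTO names (name) VALUES (:name)');
$insert->execute([':name' => $userInput]);

// 2. Reading back: the stored value equals the raw input, byte for byte.
$stored = $db->query('SELECT name FROM names')->fetchColumn();
var_dump($stored === $userInput);

// 3. Displaying: escape for HTML at output time, not before storage, so
//    the database keeps the real text and the page shows the quotes
//    literally instead of treating them as markup.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";

// 4. Contrast: concatenating the raw text into the SQL string is what
//    produces the "malformed query" error described in the post; the
//    quote inside the value terminates the string early. A bound
//    parameter, as in step 1, cannot do that.
try {
    $db->exec("INSERT INTO names (name) VALUES ('" . $userInput . "')");
} catch (PDOException $e) {
    echo "Concatenated query failed: ", $e->getMessage(), "\n";
}
```

With this structure there is no escaping step before the INSERT at all, and htmlspecialchars() is called once, where the value is printed into the page; storing entity-encoded text would make the same data wrong for any non-HTML use (CSV export, email, comparisons in queries).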