07-23-07, 07:42 PM   #5
Registered User
Join Date: Jul 2005
Posts: 3,606
Re: Save coding to database

Two things, and I'm not being critical, but rather trying to be helpful.

1) From a security perspective, never, never trust user input. In this case you need to be sure to escape the MySQL input or you'll end up with a fatal SQL injection vulnerability. Use the function mysql_real_escape_string();

2) \r\n are injected from the multi-line text-area; because you're writing it out in another page, you need to convert \r\n to an HTML <br> tag or use the <pre> HTML entity to have it properly treat \r\n.

What I think you should do:

Understand I'm not being critical one bit, but with respect to #1, I can't pound that into your head enough. I'm always glad to help in any way I can; welcome to NVNews.
evilghost
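
An added example covering both points of the post above; it is not the poster's code. It assumes PHP 7.1+ with PDO and uses an in-memory SQLite database in place of MySQL, binds the input as a query parameter rather than calling mysql_real_escape_string() (the old mysql extension was removed in PHP 7.0), and HTML-encodes the text before converting line breaks, which the post does not mention. The table and function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL server; the table name and all
// function names are hypothetical.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $db;
}

// Point 1: the user's text is bound as a parameter, so the database treats
// it as data and never parses it as part of the SQL statement.
function save_snippet(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO snippets (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_snippet(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM snippets WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Point 2: HTML-encode the stored text first, then let nl2br() insert a
// <br /> before each line break so the textarea's \r\n renders on the page.
function render_snippet(string $body): string
{
    return nl2br(htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input: a multi-line textarea value containing quote
// characters and HTML markup.
$input = "it's line one\r\n<b>line two</b> with \"quotes\"";

$db = open_db();
$id = save_snippet($db, $input);
$stored = load_snippet($db, $id);

var_dump($stored === $input);
echo render_snippet($stored), "\n";
```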