adpaster79
Joined: 30 Apr 2007 Posts: 15
Posted: Wed Nov 11, 2009 9:43 am Post subject: Inserting inform in the database
The below information is being inserted in the database (&amp;, &quot;). When I display the information, it is also being displayed (&amp;, &quot;).
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;'
Code:
// set input validation rules
// Validation process
$form->applyFilter('__ALL__', 'trim');
if ($form->validate()) {
    // post-validation filters go here
    // ('__ALL__' must be upper case for the filter to reach every element)
    $form->applyFilter('__ALL__', 'addslashes');   // apply it to all elements
    $form->applyFilter('__ALL__', 'htmlentities'); // apply it to all elements
    //$form->applyFilter('b', 'nl2br');
    // invoke the store_address_info function to store the user information
    // in the database
    //$form->freeze();
    $form->process('store_address_info', false);
}
Note: magic_quotes_gpc is disabled per the phpinfo().
Should addslashes be replaced with mysql_real_escape_string()?
Is htmlentities required when inserting data in the database?
Is htmlentities used by QF internally?
Thanks in advance.
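Added example, not part of the original post and not HTML_QuickForm's own code: it stores the same value once HTML-encoded before the insert (the effect of the htmlentities filter above) and once raw through a bound parameter, then escapes both only at output time. It assumes PDO with an in-memory SQLite database in place of the poster's MySQL setup; the `address` table, the function names and the sample input are constructed for illustration.

```php
<?php
// Constructed schema: a hypothetical one-column "address" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE address (id INTEGER PRIMARY KEY, name TEXT)');

// Store a value through a bound parameter. The driver keeps data and SQL
// apart, so neither addslashes() nor mysql_real_escape_string() is needed.
function store(PDO $db, string $value): int
{
    $stmt = $db->prepare('INSERT INTO address (name) VALUES (?)');
    $stmt->execute([$value]);
    return (int) $db->lastInsertId();
}

// Read the stored value back exactly as the database holds it.
function fetch_name(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT name FROM address WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// HTML escaping belongs here, at the point where data enters a page.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$input = 'Smith & "Sons"'; // constructed sample input

// Variant 1: encode before storing, as the htmlentities filter does.
$encodedId = store($db, htmlentities($input, ENT_COMPAT, 'UTF-8'));
// Variant 2: store the raw value unchanged.
$rawId = store($db, $input);

foreach (['encoded before insert' => $encodedId, 'stored raw' => $rawId] as $label => $id) {
    $stored = fetch_name($db, $id);
    echo $label, "\n";
    echo '  in database:   ', $stored, "\n";       // entities are part of the data in variant 1
    echo '  HTML for page: ', html($stored), "\n"; // variant 1 is now encoded twice
}
```

Comparing the two "in database" lines shows where the stored entities come from; the raw variant stays searchable and reusable outside HTML, and is encoded once when rendered.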