The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Quick question about using db-escapestring and vb Input cleaner
So I have a user inputted string ==>
i'm going to hack your table '; SELECT I want to safely enter that string into my database, so using the advice I found here, I used the vb input cleaner (using TYPE_NOHTML) on the string and then also run the $db->escape_string function prior to inputted the variable into the database. I do this and all goes well. But when I try to pull the data from the database at a later point and echo the string back out I get this as my result ==> i\'m going to hack your table \'; SELECT So it seems the \ are still in the string inside the databse. Is this normal? Should I not be running $db->escape_string on the string after doing a TYPE_NOHTML on the string. Is there anyway to remove the \'s correctly when re-displaying the strings? Thanks for any guidance on this! |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|