-2

I am using a WYSIWYG editor. If I use strict sanitizing rules, then all the tags get stripped. I just want to prevent SQL injection. How can I do it?

Currently I am just using code something like:

```php
// The request value is placed into the SQL string as-is (no escaping, no binding).
$something = $_POST['content'];

$insert = "INSERT INTO database (content) VALUES($something)";
```

(not using any sanitization)

and directly adding it into the database. How can I validate the input without my tags from the WYSIWYG editor getting stripped?

  • possible duplicate of [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – PM 77-1 Feb 15 '15 at 21:19

1 Answer

0

If you use an editor, sanitize the text input via the HTML Purifier class: http://htmlpurifier.org/

Mohammad
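An added example (not code from the question or the answer) showing the insert from the question done with a PDO prepared statement, so the editor's HTML is stored unchanged and is never parsed as SQL. The in-memory SQLite database, the `posts` table name, the helper function names and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: bind the WYSIWYG HTML as a parameter instead of
// concatenating it into the query. Table and function names are hypothetical.

function storeContent(PDO $pdo, string $html): int
{
    // The SQL text is fixed; the value travels separately as a parameter.
    $stmt = $pdo->prepare('INSERT INTO posts (content) VALUES (:content)');
    $stmt->execute([':content' => $html]);
    return (int) $pdo->lastInsertId();
}

function loadContent(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT content FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also disable emulated prepares so binding happens server-side:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, content TEXT NOT NULL)');

// Constructed sample inputs standing in for $_POST['content'].
$samples = [
    '<p>Hello <strong>world</strong>, it\'s <em>fine</em></p>',
    "<p>x</p>'); DROP TABLE posts; --",
];

foreach ($samples as $html) {
    $id = storeContent($pdo, $html);
    $stored = loadContent($pdo, $id);
    // Tags and quotes come back byte-for-byte; nothing was executed as SQL.
    printf("row %d intact: %s\n", $id, $stored === $html ? 'yes' : 'no');
}

// The table still exists and holds both rows.
$count = (int) $pdo->query('SELECT COUNT(*) FROM posts')->fetchColumn();
printf("rows in table: %d\n", $count);
```

Filtering the HTML before it is displayed (for example with HTML Purifier) is a separate step from parameter binding and can be applied to the value before `storeContent()` or after `loadContent()`.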