0

I'm working on a project where some people can make posts,

and a post can contain code like PHP, CSS, HTML, JavaScript, etc.

How can I insert PHP and other programming code into my database without any effect

(I mean safely)?

I'm using PDO with a MySQL database.

I tried to upload the code to my database, and when I fetched the information my HTML and CSS page changed to something else, like the CSS I uploaded,

and I don't know if there was any PHP effect from this.

Again, what I mean is something like what Stack Overflow uses to secure its database when we insert code into our posts.

Is there any library or something that I don't know about?

Thank you so much :)

badr aldeen
  • Google PDO. Use prepared statements. – elixenide Sep 06 '15 at 17:33
  • OK, I know that and I use prepared statements, but how does this effect happen? – badr aldeen Sep 06 '15 at 17:34
  • It sounds like you are talking about preventing XSS injections, not SQL injections. https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) – chris85 Sep 06 '15 at 17:35
  • Prepared statements are going to filter my code and it will not allow the code to be uploaded – badr aldeen Sep 06 '15 at 17:35
  • I didn't say SQL injections. In my whole post I just talk about securing the code with any prevention – badr aldeen Sep 06 '15 at 17:36
  • `how can i insert php and another programming code to my database without any effect` <-- that isn't the issue. The code has no effect when inserted. The issue you are encountering is on the output to the browser, right? – chris85 Sep 06 '15 at 17:38
  • There are two things: 1 - uploading the code, 2 - when I fetch the info; I'm more afraid of PHP code than JavaScript and the others – badr aldeen Sep 06 '15 at 17:42
  • PHP code isn't going to execute if you are just fetching it. It would/will be in a variable just stored as a string. http://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php – chris85 Sep 06 '15 at 17:52
  • Mmmm, then that is going to be safe – badr aldeen Sep 06 '15 at 18:01

1 Answer

-1

For PHP code there is no problem after fetching the code if you are using PDO prepared statements; it is going to be just like any value you echo.

On the other hand, you can use `echo htmlspecialchars()`

Abomusab Revo
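
The store-then-escape flow discussed in the comments and the answer, as an added example that is not part of the original question or answer. It assumes a hypothetical `posts` table, a constructed sample post, and an in-memory SQLite database so it runs offline (with MySQL only the DSN changes).

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL database in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hypothetical schema for this example.
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL, body TEXT NOT NULL)');

// Constructed sample post containing PHP, CSS and JavaScript.
$title = 'My <b>first</b> snippet';
$body = <<<'CODE'
<?php echo "hello"; ?>
<style>body { display: none; }</style>
<script>alert(1)</script>
CODE;

// Store: the prepared statement binds the text as data, so it is saved
// byte for byte and never interpreted as SQL. Nothing is filtered out.
$stmt = $pdo->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
$stmt->execute([':title' => $title, ':body' => $body]);

// Fetch: the stored PHP comes back as an ordinary string. It would only run
// if it were passed to eval() or written to a file that PHP then includes.
$stmt = $pdo->prepare('SELECT title, body FROM posts WHERE id = :id');
$stmt->execute([':id' => (int) $pdo->lastInsertId()]);
$post = $stmt->fetch(PDO::FETCH_ASSOC);
if ($post['body'] !== $body) {
    throw new RuntimeException('stored text was altered');
}

// Escape at output time, not at insert time: <, >, &, " and ' become
// entities, so the browser displays the code instead of applying it.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Every user-supplied field is escaped, including the title.
echo '<h2>' . e($post['title']) . "</h2>\n";
echo '<pre><code>' . e($post['body']) . "</code></pre>\n";

// Echoing $post['body'] without e() is what makes the page "change":
// the <style> and <script> blocks would be applied by the browser.
```

Serve the page as UTF-8 so the charset passed to `htmlspecialchars()` matches what the browser decodes.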