
I saved some text to an SQL database after filtering it with the code below to prevent SQL injection.

```php
$text = htmlspecialchars(htmlentities($_POST['inputedTextToSave']));
$text = mysqli_real_escape_string($conn, $text);
```

Suppose that I am inserting the following string using the form:

The number 3 > 1

Now I want to read the data from the database. When I echo out the text from the database it displays it as follows.

The number 3 > 1

How can I prevent this and make the text display correctly, without symbols and all that?

Enigma Crack
  • https://secure.php.net/manual/en/function.htmlspecialchars-decode.php – ɹɐqʞɐ zoɹǝɟ Sep 13 '15 at 02:55
  • possible duplicate of [Decoding mysql\_real\_escape\_string() for outputting HTML](http://stackoverflow.com/questions/2573332/decoding-mysql-real-escape-string-for-outputting-html) – PM 77-1 Sep 13 '15 at 02:57
  • Thanks that function did the job. – Enigma Crack Sep 13 '15 at 03:40
  • `htmlspecialchars` and `htmlentities`? That's going to double encode the entities, is that what you want? e.g. `µ` becomes `μ` then `μ` (or I'd think, untested). – chris85 Sep 13 '15 at 05:56
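
An added example, not part of the original question or its comments: it shows the double encoding that `htmlspecialchars(htmlentities(...))` produces, next to storing the raw text through a bound parameter and HTML-encoding once at output. Assumptions: PDO with in-memory SQLite stands in for the MySQL connection so the script runs without a server, and the `notes` table, the `render()` helper and the sample strings are constructed for illustration.

```php
<?php
// Added example (not the asker's code). Constructed input, same text as in the question.
$input = 'The number 3 > 1';

// 1) What the question's filter chain stores: two rounds of HTML encoding.
//    htmlentities()      gives "The number 3 &gt; 1"
//    htmlspecialchars()  then gives "The number 3 &amp;gt; 1"
//    A browser decodes one layer only, so the page shows the literal text "&gt;".
$storedByChain = htmlspecialchars(htmlentities($input));

// 2) Store the raw text with a bound parameter instead.
//    Assumption: in-memory SQLite via PDO replaces the MySQL connection here;
//    the table name "notes" is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
// Second value is constructed: quotes and markup characters travel as data,
// never as part of the SQL statement, so no escaping function is needed.
$quoted = "It's true: 3 > 1 & 1 < 3";
foreach ([$input, $quoted] as $value) {
    $insert->execute([':body' => $value]);
}

// 3) Read back and encode exactly once, at the point of output into HTML.
function render(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$rows = $db->query('SELECT body FROM notes ORDER BY id')
           ->fetchAll(PDO::FETCH_COLUMN);

echo "chain stores: $storedByChain\n";
foreach ($rows as $body) {
    echo "db holds    : $body\n";
    echo "html output : ", render($body), "\n";
}
```

With mysqli the same pattern is `$conn->prepare()` followed by `bind_param()` and `execute()`.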
