-1

How to properly log out an easy html code to a database to make it secure? I have lift and I am getting html code. If I use htmlspecialchars, I'll throw in & gt; e.t.c.

How to do it correctly and safely?

I would like to add that every user can insert articles.

Ok, I added: mysqli_real_escape_string + trim to remove unnecessary white characters. The html code is thrown into the database. This is ok? I added alert (1); and the code was done. How to prevent this?

d.stepien
  • 7
  • 2
  • 1
    Possible duplicate of [Inserting html code in a mysql table](https://stackoverflow.com/questions/2371093/inserting-html-code-in-a-mysql-table) – Mohammad Apr 11 '19 at 09:21
  • check this function [addslashes](https://www.php.net/manual/en/function.addslashes.php) – Mohammad Apr 11 '19 at 09:21

1 Answers1

0

You can use real_escape_string() to insert HTML Code it will treat your whole html code as string and allow special charecters to get inserted for more info you can check manual here: https://www.php.net/manual/en/mysqli.real-escape-string.php

Varun Malhotra
  • 1,202
  • 3
  • 15
  • 28
  • Ok, I added: mysqli_real_escape_string + trim to remove unnecessary white characters. The html code is thrown into the database. This is ok? I added – d.stepien Apr 11 '19 at 09:31