zero_ZX Posted September 3, 2011 Share Posted September 3, 2011 Hi, I'm sure many of you heard of "pastebin", if not the short of it, is that you can submit your code (+100 languages), and you can display it to your friends via a link with syntax highlighting available. So, One way to store the code is surely in txt files, but I would really prefer to have it stored in a mysql database. My only concern is people trying to run a sql injection, so how do i get around all this? I don't want the user's content to be changed, but I don't want SQL injections either.. is this even possible at all? Any tips appreciated, also if you could think of another alternative than txt files and mysql. Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 3, 2011 Share Posted September 3, 2011 Use mysql_real_escape_string() on any string input being stored in the database. And, you will want to use htmlentities() before displaying to the page - else it could be interpreted as code in the HTML page and either not be rendered, cause display issue, or - worse - cause an XSS attack. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.