I'm currently trying to setup a comment system with TinyMCE, it's all working with normal characters and PHP tags and so on. But when I comment with this ed o'neill
, it just inserts an empty row in my db.
I have htmlspecialchars
and mysqli_real_escape_string
on the input from my form.
How can I fix the empty row insert?
$post_content = $_POST['post_content'];
//$post_content = htmlspecialchars($post_content);
//$post_content = mysqli_real_escape_string($post_content);
Take a look at prepared statements, it will do all the escaping for you
EDIT: Here's the link to the PHP manual, courtesy of Fred -ii-
You have commented some of your code but mysqli_real_escape_string
requires 2 parameters see for more information here
string mysqli_real_escape_string ( mysqli $link , string $escapestr );
Your code should be :
$post_content = mysqli_real_escape_string($connection,$post_content); //$connection should be your database connection string
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.