-1
4

4 回答 4

3

It is not related to database, it is related to strip_tags() function which strips HTML and PHP tags from a string

于 2013-03-15T20:36:02.363 回答
1

when I put in '<' or '>' i receive blanks in my database.

That's what the strip_tags method does

and when I put in '☺' or '☻' i receive '?' as an input.

That's an encoding problem.

As for

Security of my database is at first priority

I suggest you migrate your code to prepared statements (mysqli or pdo).

于 2013-03-15T20:37:53.697 回答
0

Use htmlentities or htmlspecialchars instead of strip tags. Strip tags removes any HTML tags from the string. The two functions I mentioned convert the HTML tags into html entities (a textual representation of that character eg &lt;) which means they can be outputted on a page as text and not be parsed as HTML by the browser.

于 2013-03-15T20:40:40.533 回答
0

Thank you guys for your help. I found the issue. The code that I am editing was changing the special character code from '&' to %HEX for database reasons.

于 2013-03-19T13:18:23.570 回答