0

Before i call this question, yes i know mysql_query is a bad practice but i need to fix this first then in the near future i will move to PDO or something ok..

I have a code that works perfectly in localhost using php 5.4 the problem is when i load it in server, everything works fine, there is just one error, that at this moment , im blind at it.

On a description field, for a kind of articles in a blog, i use elrte and elfinder editor, the problem is when i send a image to store in de Database, i have different results.

In local i do store the <img src="folder/ok/img.jpg"> but in the server for some reason the same files, and code store that in the database as <img src="\&quot;/folder/ok/img.jpg\&quot;" >

This must be related to this lines (the description file is going on $desc)

if(isset($_POST['submit'])){

            //protect and then add the posted data to variables
            $titulo = protect($_POST['titulo']);
            $desc = mysql_real_escape_string ($_POST['desc']);
            $cat_id = protect($_POST['cat_id']);

But can somebody explain this behaviour, cause im blind at this, also i know there are security issues on this, but well at least we are not storing any NASA info.

hope anyone can help me on this

4

2 回答 2

1

Without having looked too far into it, mysql_real_escape_string is deprecated and you should use mysqli_real_escape_string() now (which goes with the new mysqli lib)

于 2013-10-01T03:13:10.153 回答
0

Are you sure $_POST['desc'] is the same on localhost and server? Maybe your POST request is being formed incorrectly

于 2013-10-01T03:15:34.070 回答