RyanY
Reputation: 665
pdo insert sanitizing html on server, not locally
I am inserting data from an html editor into my database. I have html purifier setup but have removed it for the example because the problem exists regardless.
GLOBAL $DB;
$queryHandle = $DB->prepare("UPDATE support SET
help = :help
WHERE id = :id");
$queryHandle->BindParam(':id', $id);
$queryHandle->BindParam(':help', PDO::PARAM_STR);
$queryHandle->execute();
$queryHandle->setFetchMode(PDO::FETCH_ASSOC);
return $queryHandle;
}
Help is the html text. Locally it works fine. When I upload my site to my server, the html comes out with \'s behind every quote. I do not have magic quotes or any other sanitization setup. Any suggestions?
Upvotes: 1
Views: 60
Answers (1)
tadman
Reputation: 211670
You have magic quotes turned on which means your server is misconfigured. Turn it off.
Upvotes: 1
Related Questions
- sanitizing data before mysql injection and xss - am i doing it right with pdo and htmlpurifier
- How do I sanitize input with PDO?
- How to safely insert data to mysql using php pdo
- Using PDO without binding
- Correct way to sanitize input in MySQL using PDO
- Should I still escape my data when inserting to custom table?
- Sanitizing text input before submitting to MySQL database
- Insert HTML code into MySQL database using PHP-PDO->Prepare Statement
- PHP PDO Sanitize variables
- Should i sanitize/filter user input and output when using PHP PDO?