Clean string before insert in database

michaelctorres / clients-oriented-ftp

Automatically exported from code.google.com/p/clients-oriented-ftp

0 stars 0 forks source link

Clean string before insert in database #164

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

When insert a string (name, description) in database which contain a special 
caraters (ex: éàèç) this isn't convert in html entities

In include/functions.php add this :

function encode_html($str) {
    $str = htmlentities($str, ENT_QUOTES);
    $str = mysql_real_escape_string($str);
    $str = nl2br($str);

    return $str;
}

For display correctly after use this function use html_entity_decode()

Original issue reported on code.google.com by k.flipf...@gmail.com on 25 Sep 2012 at 11:45

GoogleCodeExporter commented 8 years ago

Patch to add clean string function for user and client but i don't find for the 
file.

ex: the file name "été.xls" in file upload_process_form.php the file == 
"_t_.xls" and the filename == " t .xls". I'm suppos the file is rename by 
plupload script.

Original comment by k.flipf...@gmail.com on 26 Sep 2012 at 12:10

Attachments:

clean_string.patch