I’m having problems getting the right combination of escaping functions to:
1. Clean the data for database insertion and
2. Get it back out properly
The input form has a text area, and the users like pasting from Word, which copies all sorts of hidden “garbage” characters into the form as well. So anything that’s not useful text has to go. Characters like quotes and apostrophe’s are allowed.
I’m trying to use:
[code=php]
mysql_real_escape_string(rawurlencode(htmlentities(strip_tags($Value))));
and then:
[code=php]rawurldecode($Value)
to get it out.
The problem is, if
[CODE]Bob’s text
goes in,
[CODE]Bob’s text
come out.
Somehow an escaping slash is getting in there. rawurlencode adds the slash as unicode 5C, and rawurldecode should remove it, but doesn’t.
Maybe the mysql_real_escape_string function is interfering?
What functions do you recommend for cleaning MS garbage characters, and safely inserting, retrieving and displaying chunks of text?