PHP function to securely encode characters for multiple purposes [duplicate]

StackOverflow https://stackoverflow.com/questions/23204579

  •  07-07-2023
  •  | 
  •  

Question

I am trying to build a function (unless there is already one, I was not able to find one) that satisfies:

  • being saved in a MySQL database → mysqli_real_escape_string
  • being saved in a serialized array in a MySQL database (I had issues when unserialize failed)

as for output:

  • doesn't interfer with HTML → utf8_encode(htmlentities($source, ENT_QUOTES | ENT_HTML401, 'UTF-8'));
  • doesn't interfer with it being a query in an URL, thus encoding the '&','%'

Please give me any advice if there is an idea on how to improve secure encoding.
And I am not sure about the functions give, whether they are the best to be used.

I also had issues with non-printable characters and tried
PHP: How to remove all non printable characters in a string? $s = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x80-\x9F]/u', '', $s);

EDIT
Because of the diversity of this question, I want to substantiate the question on how to clean a string that is an element of an array that is put with serialize() in a database ´?

For instance, I had a failure when trying to unserialize after having put a string containing a newline (\n or \r) into an string element of an array that has been serialized successfully...

EDIT_2
The reason for why I have tried to issue encoding HTML entities before saving them into the DB using mysqli_real_escape_string() is that when recalling/loading this object from the DB, the data has changed. For example a user wants to put the string test'test into the database that is encoded by mysqli_real_escape_string() to test\'test and then when loaded from the DB it's still test\'test whcih is NOT what the user wants to have neither what he has sent . Please if you could find a solution for this -- mine was to apply sth. like where mysqli_real_escape_string() had no effect as the quotes have already been HTML encoded.

Was it helpful?

Solution

From the top of my head, I feel you should try json_encode and json_decode

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top