I'm creating a web page that will allow users to paste in their code and be given a unique URL to access it later. The problem is that I am using
mysql_real_escape_string($_POST['code'])
to prevent sql injection but at the same it adds slashes to the code which means when the code is displayed at a later date, it is spoiled (slashes everywhere.)
Is there a way to 'un-escape' it when displaying the code again?
Sorry if this seems unclear or obvious, this is my first project using php.
It is echo stripslashes($code); you looking for? I think for added security you also have to like convert the special characters to html entities and strip all script tags if necessary to avoid xss attack.
See: