I am trying to read in text from a text box and store it into my database. Security of my database is at first priority and special characters are second. At the moment users can use basic special characters (!@#...ect) but not greater than or less than(<>) or (☺☻♥).
This is what the code looks like at the moment.
$temp = $tableName.".".$fieldName." = '".mysql_real_escape_string(strip_tags($fieldValue))."'";
when I put in <
or >
i receive blanks in my database.
and
when I put in ☺
or ☻
i receive ?
as an input.
Any input on this would be nice. Thank you.
when I put in '<' or '>' i receive blanks in my database.
That's what the strip_tags method does
and when I put in '☺' or '☻' i receive '?' as an input.
That's an encoding problem.
As for
Security of my database is at first priority
I suggest you migrate your code to prepared statements (mysqli or pdo).