escaping

Shouldn't mysql_real_escape_string() leave slashes in Database?

杀马特。学长 韩版系。学妹 submitted on 2019-12-01 20:17:13
I'm using smarty and mysql_real_escape_string() for user input, and when I insert some code with ' or " and look it up in phpMyAdmin, it shows without backslashes. When I get the record from the DB it doesn't have backslashes either. But when I just pass the escaped string without inserting it into the DB it is backslashed. Shouldn't it add slashes, insert with them and then I would strip them when I output? Or am I missing something?

You're missing it - escaping with backslashes is meant to ensure that queries aren't malformed, e.g. something like this will surely break and possibly risk SQL injections:

Is there a security risk in leaving ampersands unescaped in user-submitted data?

社会主义新天地 submitted on 2019-12-01 20:12:06
Is there any security risk in escaping other special characters but leaving ampersands untouched when displaying user-generated/submitted information? I'd like to let my users input HTML entities, hex, and decimal special characters freely without adding unnecessary complexity to my sanitizer.

tl;dr: Leaving in ampersands (or other "special characters") is not a security issue if coded correctly. That is, the output/use is of importance, not the input. It all depends on how the data is used in the end. Doing a <input value="<? echo $input ?>" /> is not correctly coded, for arbitrary input,

LESS CSS Escape entire CSS rule with different prefixes?

纵饮孤独 submitted on 2019-12-01 19:54:11
How do I escape the following:

.prefix(@rule, @prop) { -webkit-@{rule}: @{prop}; -moz-@{rule}: @{prop}; -o-@{rule}: @{prop}; -ms-@{rule}: @{prop}; @{rule}: @{prop}; }

I've tried a bunch of different ways, wrapping it in ~"stuff", wrapping the variables in @{var}, backslashing the -'s... no success! Edit: There's a pull req for it on GitHub: https://github.com/cloudhead/less.js/pull/698

Update for LESS 1.6+: Your original plan almost works with the LESS 1.6 update. This is the syntax needed:

LESS .prefix(@rule, @prop) { -webkit-@{rule}: @prop; -moz-@{rule}: @prop; -o-@{rule}: @prop; -ms-@

Python escape delimiter in configuration file using ConfigParser

可紊 submitted on 2019-12-01 19:50:11
I'd like to escape ":" and/or "=" as the name in a configuration file. Does anyone know how to achieve this? I tried backslash "\", but it does not work.

skrrgwasme

If you're using Python 3, you don't need to. Look at the Python docs section on Customizing Parser Behavior. By default, configparser uses ":" and "=" as delimiters, but you can specify different delimiters when you create the configparser object:

import configparser
parser = configparser.ConfigParser(delimiters=('?', '*'))

In this example, the default delimiters have been replaced with a question mark and an asterisk. You can change

Escaping \ in string or paths in R

白昼怎懂夜的黑 submitted on 2019-12-01 19:47:48
Question: Windows copies paths with \, which R does not accept. So, I wanted to write a function which would convert '\' to '/'. For example: chartr0 <- function(foo) chartr('\','\\/',foo) Then use chartr0 as... source(chartr0('E:\RStuff\test.r')) But chartr0 is not working. I guess, I am unable to escape '/'. I guess escaping / may be important on many other occasions. Also, is there a way in R such that I do not have to use chartr0 every time but convert all paths automatically by creating an

Is it possible to “escape” a method name in PHP, to be able to have a method name that clashes with a reserved keyword?

喜你入骨 submitted on 2019-12-01 19:23:28
I'm doing MVC in PHP, and I'd like to have a list() method inside my Controller, to have the URL /entity/list/parent_id, to show all the "x" that belong to that parent. However, I can't have a method called list(), since it's a PHP reserved keyword. In VB.Net, for example, if I need to have something with a name that clashes with a reserved keyword, I can wrap it in [reserved_name]. In SQL, you can do the same thing. In MySQL, you use the backtick `. Is there some syntax in PHP that specifies "treat this as an identifier, not as a keyword"? (NOTE: I know I can use routes to do this without

Escape Number 9 in p:inputmask

↘锁芯ラ submitted on 2019-12-01 19:06:09
Question: I want to prepend +90 (Turkey's phone code) to every phone number a user enters. For that reason I am using a mask like this:

<p:inputMask id="homePhone" value="#{personController.model.homePhone}" mask="+90 (999) 999-9999" size="20" converter="converterPhone" />

But it displays it like this: +_0 (___) ___-____ However, I want it to look like this: +90 (___) ___-____ <!-- pay attention to 9 --> Is there a way to escape the first 9 like this: mask="+\90 (999) 999-9999" ? Thank you all...

Answer 1:

Un-escape JavaScript escaped value in Java

雨燕双飞 submitted on 2019-12-01 18:43:30
In our web service we set a cookie through JavaScript which we read again in Java (Servlet). However, we need to escape the value of the cookie because it may contain illegal characters such as '&' which mess up the cookie. Is there a transparent way to escape (JavaScript) and unescape again (Java) for this?

Valentin Rocher

In Java you've got StringEscapeUtils from Commons Lang to escape/unescape. In JavaScript you escape through encodeURIComponent, but I think the Commons component I gave you will satisfy your needs.

Client JavaScript/ECMAScript: encodeURIComponent(cookie_value) // also

How to decode a reserved escape character in a request URI on a web server?

这一生的挚爱 submitted on 2019-12-01 18:22:15
It is pretty clear that a web server has to decode any escaped unreserved character (such as alphanums, etc.) to do the URI comparison. For example, http://www.example.com/~user/index.htm shall be identical to http://www.example.com/%7Euser/index.htm. My question is, what are we gonna do with the escaped reserved characters? An example would be %2F, or /. If there is an %2F in the request URI, should the parser of web server replace it with a /? In the above example, it would mean that http://www.example.com/~user%2Findex.htm would be the same as http://www.example.com/~user/index.htm?

CKEditor and escaping elements

妖精的绣舞 submitted on 2019-12-01 18:09:48
I'm using CKEditor for updating CMS content on my website. I'm also using FontAwesome, which includes a set of fancy icons that can be displayed like this: <i class="icon-envelope"></i> The problem is that CKEditor escapes this i tag on the client side, and I can't see it in source mode. How can I allow this tag? I have tried CONFIG.removeFormatTags = '', but it does not help.

It is removed because it is empty. Put some non-breaking space &nbsp; or zero-width space &#8203; within it to preserve your tag. You can also remove i from the CKEDITOR.dtd.$removeEmpty object. This may, however, break other empty <i> tags