@jgwill
Last active November 7, 2018 22:49
MySQL: escape HTML characters in a SQL view so that the text is safe for the browser straight out of SQL
-- Fix: prevents script inserted into chat text from being executed by the browser.
-- '&' is replaced first so the entities produced for '<' and '>' are not escaped a second time.
-- Quotes are not escaped, and `Note` is returned as stored.
select `af_chat`.`tbl_chat`.`Id` AS `Id`,`af_chat`.`tbl_chat`.`Tlid` AS `Tlid`,
replace(replace(replace(`af_chat`.`tbl_chat`.`ChatLine`,'&','&amp;'),'<','&lt;'),'>','&gt;')
AS `ChatLine`,
replace(replace(replace(`af_chat`.`tbl_chat`.`Category`,'&','&amp;'),'<','&lt;'),'>','&gt;')
AS `Category`,
replace(replace(replace(`af_chat`.`tbl_chat`.`Tags`,'&','&amp;'),'<','&lt;'),'>','&gt;')
AS `Tags`,
`af_chat`.`tbl_chat`.`Note` AS `Note`,
`af_chat`.`tbl_chat`.`idea_id` AS `idea_id`,
`af_chat`.`tbl_chat`.`DTCreated` AS `DtCreated`,
`af_chat`.`tbl_chat`.`Idug` AS `Idug`,
`af_chat`.`tbl_chat`.`CIdug` AS `CIdug`,
`af_chat`.`tbl_chat`.`CTlid` AS `CTLid`
from `af_chat`.`tbl_chat`
order by `af_chat`.`tbl_chat`.`Id`
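
Added example (not part of the gist): the same nested replace() chain run against an in-memory SQLite database, used here as a stand-in for MySQL on the assumption that replace() treats these literals and NULL the same way. The sample rows, the view names v_page and v_quotes, and the helper names are constructed for illustration; v_quotes goes beyond the gist by also escaping quote characters.

```python
import sqlite3

# Constructed sample rows (ChatLine, Tags); not data from the gist.
SAMPLE_ROWS = [
    ("<script>alert(1)</script>", "a&b"),
    ("AT&T <3", 'x" data-injected="1'),
    (None, None),
]

def esc(col, quotes=False):
    """Return the nested replace() expression for one column.

    '&' goes first; otherwise the '&' of '&lt;' would itself become '&amp;'.
    """
    pairs = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;")]
    if quotes:  # extension, not in the gist: needed inside attribute values
        pairs += [('"', "&quot;"), ("'", "&#39;")]
    expr = col
    for raw, entity in pairs:
        expr = "replace({}, '{}', '{}')".format(expr, raw.replace("'", "''"), entity)
    return expr

def build_db():
    """In-memory table plus two views: the gist's escaping and the extended one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbl_chat (Id INTEGER PRIMARY KEY, ChatLine TEXT, Tags TEXT)")
    db.executemany("INSERT INTO tbl_chat (ChatLine, Tags) VALUES (?, ?)", SAMPLE_ROWS)
    for view, quotes in (("v_page", False), ("v_quotes", True)):
        # Only fixed column names are formatted into the SQL, never row data.
        db.execute("CREATE VIEW {} AS SELECT Id, {} AS ChatLine, {} AS Tags FROM tbl_chat".format(
            view, esc("ChatLine", quotes), esc("Tags", quotes)))
    return db

def rows(db, view):
    """Read the escaped columns back, in insertion order."""
    return db.execute("SELECT ChatLine, Tags FROM {} ORDER BY Id".format(view)).fetchall()

if __name__ == "__main__":
    db = build_db()
    for view in ("v_page", "v_quotes"):
        print(view)
        for chat_line, tags in rows(db, view):
            print("  ", repr(chat_line), repr(tags))
```

In v_page the second row's Tags value keeps its double quotes, so that output is suitable for element content but not for placement inside a quoted attribute value. NULL columns stay NULL in both views.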