Page 1 of 1

Dealing with HTML characters in PHP

Posted: Tue Nov 10, 2009 4:52 pm
by codemonkey
Hello,

I have a php script that takes what a user enters in a form and sends it to a MySQL database. (The form uses an opensource WYSIWYG to write the HTML) Problem is, when my page retreives the data from the MySQL database, it looks like this:

Code: Select all

<p style=\"font-weight: bold;\">
... and the result is that my text doesn't take on whatever properties the user gave it when submitting the form.

How do I prevent it from putting a "\" in front of every quotation?

Thanks,
-Jonathan

Re: Dealing with HTML characters in PHP

Posted: Tue Nov 10, 2009 5:27 pm
by requinix
Looks like you have magic_quotes on. It's a php.ini setting and with it on PHP will addslashes to form input and URL arguments.

Best thing you can do is turn off magic_quotes. It's a horrible thing anyways - the sooner you get rid of it, the better.

Re: Dealing with HTML characters in PHP

Posted: Tue Nov 10, 2009 5:53 pm
by codemonkey
Thank-you,

For anybody with a similar problem, here's how I solved it:

When storing the data to my variable, I added stripslashes() like this:

Code: Select all

$message = stripslashes(mysql_real_escape_string($_POST['message']));
This got rid of all the "\" and allowed my html code to work properly!

Re: Dealing with HTML characters in PHP

Posted: Tue Nov 10, 2009 10:59 pm
by requinix
Pretty sure you got that backwards.

Code: Select all

$message = mysql_real_escape_string(stripslashes($_POST['message']));