PHP automatically escaping " in form inputs...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
batfastad
Forum Contributor
Posts: 433
Joined: Tue Mar 30, 2004 4:24 am
Location: London, UK

PHP automatically escaping " in form inputs...

Post by batfastad »

Hi guys,

I'm fairly new to PHP but I've got to grips with the basics and I have started writing many of my own scripts to process form input and e-mail it.

On one form I have a few text inputs and I noticed that if I put a " character in the input, PHP automatically escapes the character.

I'm pretty sure I didn't do any code to do this myself!
Clever though, because I guess it would stumble without automatically escaping the "s.

In the resulting e-mail, any " characters are automatically changed to \"
This makes the e-mail look pretty ugly - for a confirmation e-mail to be sent to the client!

My question...
In the forms there's 20-30 form inputs, so I know I could probably patch out a script to substitute each ocurrence of \" with just " for each of the input fields.
But to do that for each input field would require too much time to set-up and wouldn't be that efficient. I like neat tidy code.

Can anyone work out a way to scan all the variables and substitute each ocurrence of \" with just " in one go at the start of the script or something?

I'm sure there has to be a better way than me just checking each variable when it's allocated at the start of the script - it turns a 250 line script into a 500 line script at least.

Any ideas?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

check into [php_man]stripslashes[/php_man] but make sure to also check against [php_man]get_magic_quotes_gpc[/php_man] before using it..
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Also, have a read through the Starter Pack (sticky) and check out the "Magic Quotes are Evil" link.
User avatar
batfastad
Forum Contributor
Posts: 433
Joined: Tue Mar 30, 2004 4:24 am
Location: London, UK

Post by batfastad »

Excellent!!

Thanks for your help guys - I now detect whether magic quotes are on and adjust the output accordingly.

I had no idea that was a config option - pretty useful in certain contexts though for just outputting a string to HTML, unecessary for my uses.

Thanks again.
Post Reply