
PHP automatically escaping " in form inputs...

Posted: Fri Jul 09, 2004 4:27 pm
by batfastad
Hi guys,

I'm fairly new to PHP but I've got to grips with the basics and I have started writing many of my own scripts to process form input and e-mail it.

On one form I have a few text inputs and I noticed that if I put a " character in the input, PHP automatically escapes the character.

I'm pretty sure I didn't do any code to do this myself!
Clever though, because I guess it would stumble without automatically escaping the "s.

In the resulting e-mail, any " characters are automatically changed to \"
This makes the e-mail look pretty ugly - for a confirmation e-mail to be sent to the client!

My question...
In the forms there's 20-30 form inputs, so I know I could probably patch out a script to substitute each occurrence of \" with just " for each of the input fields.
But to do that for each input field would require too much time to set-up and wouldn't be that efficient. I like neat tidy code.

Can anyone work out a way to scan all the variables and substitute each occurrence of \" with just " in one go at the start of the script or something?

I'm sure there has to be a better way than me just checking each variable when it's allocated at the start of the script - it turns a 250 line script into a 500 line script at least.

Any ideas?

Posted: Fri Jul 09, 2004 5:02 pm
by feyd
check into stripslashes() but make sure to also check against get_magic_quotes_gpc() before using it..
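
The check described in the reply above, applied once to every input at the top of the script. This is an added example, not part of the original posts; the helper names strip_magic_slashes() and magic_quotes_active() and the sample data are made up for illustration.

```php
<?php
// Added example (not from the thread): undo magic_quotes_gpc escaping in one
// place instead of calling stripslashes() on each of 20-30 form fields.

/** Recursively remove slashes from a string or a nested array of strings. */
function strip_magic_slashes($value)
{
    if (is_array($value)) {
        // Inputs such as name="items[]" arrive as nested arrays.
        return array_map('strip_magic_slashes', $value);
    }
    // Leave non-string values untouched.
    return is_string($value) ? stripslashes($value) : $value;
}

/** True only on old PHP builds where magic_quotes_gpc is switched on. */
function magic_quotes_active()
{
    // get_magic_quotes_gpc() always returns false from PHP 5.4 onward, is
    // deprecated in 7.4 (hence the @) and no longer exists in PHP 8.0.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Run once, before any other code reads the request data. Stripping
// unconditionally would corrupt real backslashes when magic quotes are off.
if (magic_quotes_active()) {
    $_GET     = strip_magic_slashes($_GET);
    $_POST    = strip_magic_slashes($_POST);
    $_COOKIE  = strip_magic_slashes($_COOKIE);
    $_REQUEST = strip_magic_slashes($_REQUEST);
}

// Constructed sample showing what a form submission looks like after
// magic quotes has escaped it (single-quoted, so \" is a literal backslash + quote).
$escaped = array(
    'name'  => 'Bob \"The Builder\" Smith',
    'items' => array('17\" monitor', 'O\\\'Reilly book'),
);
$clean = strip_magic_slashes($escaped);

echo $clean['name'], "\n";      // Bob "The Builder" Smith
echo $clean['items'][0], "\n";  // 17" monitor
echo $clean['items'][1], "\n";  // O'Reilly book
```

After this runs the values are raw user input again, so each one still has to be escaped for wherever it ends up (for example htmlspecialchars() when echoed into HTML) at the point of output.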

Posted: Fri Jul 09, 2004 5:29 pm
by McGruff
Also, have a read through the Starter Pack (sticky) and check out the "Magic Quotes are Evil" link.

Posted: Sun Jul 11, 2004 6:17 pm
by batfastad
Excellent!!

Thanks for your help guys - I now detect whether magic quotes are on and adjust the output accordingly.

I had no idea that was a config option - pretty useful in certain contexts though for just outputting a string to HTML, unnecessary for my uses.

Thanks again.