Sticky <textarea> slashes

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Sticky <textarea> slashes

Post by seodevhead »

I have a form that contains a <textarea> that I am making sticky...

When the form is submitted with whatever the user typed in, mysql_real_escape_string() adds slashes to necessary items, however when the form reloads with the 'sticky' contents, I see all the slashes in the form's contents? How do I get rid of the slashes and still make it safe? Thanks.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

First off, make sure you are using mysql_real_escape_string() wisely/properly with regards to magic_quotes:

Code: Select all

<?php

function SQLClean ($string) {
    if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    return mysql_real_escape_string($string);
}

?>
What do you mean by sticky? Such as forums have for threads that "stick" to the top of the page? Covered in adhesive goop? :)

What happens to the content of the textarea after the user clicks submit? Is mysql involved?

Details! We need details!
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You shouldn't need to escape the string before you put it into the database - are you running the function before you do your validation?

Mac
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

twigletmac wrote:You shouldn't need to escape the string before you put it into the database
Whoah! Careful! Yes you do!
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Jenk wrote:
twigletmac wrote:You shouldn't need to escape the string before you put it into the database
Whoah! Careful! Yes you do!
Sorry - that reads very badly - I mean you don't need to escape it if all you're going to do is echo it back in the textarea, you do need to escape it just before you put it into the database.

Mac
Post Reply