I have a form that contains a <textarea> that I am making sticky...
When the form is submitted with whatever the user typed in, mysql_real_escape_string() adds slashes to necessary items, however when the form reloads with the 'sticky' contents, I see all the slashes in the form's contents? How do I get rid of the slashes and still make it safe? Thanks.
Sticky <textarea> slashes
Moderator: General Moderators
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
First off, make sure you are using mysql_real_escape_string() wisely/properly with regards to magic_quotes:
What do you mean by sticky? Such as forums have for threads that "stick" to the top of the page? Covered in adhesive goop? 
What happens to the content of the textarea after the user clicks submit? Is mysql involved?
Details! We need details!
Code: Select all
<?php
function SQLClean ($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
return mysql_real_escape_string($string);
}
?>What happens to the content of the textarea after the user clicks submit? Is mysql involved?
Details! We need details!
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Sorry - that reads very badly - I mean you don't need to escape it if all you're going to do is echo it back in the textarea, you do need to escape it just before you put it into the database.Jenk wrote:Whoah! Careful! Yes you do!twigletmac wrote:You shouldn't need to escape the string before you put it into the database
Mac