Page 1 of 1
Sticky <textarea> slashes
Posted: Wed Nov 23, 2005 7:43 pm
by seodevhead
I have a form that contains a <textarea> that I am making sticky...
When the form is submitted with whatever the user typed in, mysql_real_escape_string() adds slashes to necessary items, however when the form reloads with the 'sticky' contents, I see all the slashes in the form's contents? How do I get rid of the slashes and still make it safe? Thanks.
Posted: Wed Nov 23, 2005 8:48 pm
by Jenk
First off, make sure you are using mysql_real_escape_string() wisely/properly with regards to magic_quotes:
Code: Select all
<?php
function SQLClean ($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
return mysql_real_escape_string($string);
}
?>
What do you mean by sticky? Such as forums have for threads that "stick" to the top of the page? Covered in adhesive goop?
What happens to the content of the textarea after the user clicks submit? Is mysql involved?
Details! We need details!
Posted: Thu Nov 24, 2005 10:26 am
by twigletmac
You shouldn't need to escape the string before you put it into the database - are you running the function before you do your validation?
Mac
Posted: Thu Nov 24, 2005 10:29 am
by Jenk
twigletmac wrote:You shouldn't need to escape the string before you put it into the database
Whoah! Careful! Yes you do!
Posted: Thu Nov 24, 2005 10:44 am
by twigletmac
Jenk wrote:twigletmac wrote:You shouldn't need to escape the string before you put it into the database
Whoah! Careful! Yes you do!
Sorry - that reads very badly - I mean you don't need to escape it if all you're going to do is echo it back in the textarea, you do need to escape it just before you put it into the database.
Mac