every time i get more slashes with my text

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
amir
Forum Contributor
Posts: 287
Joined: Sat Oct 07, 2006 4:28 pm

every time i get more slashes with my text

Post by amir »

Hello
I am inserting About Me text into my DB and whenever I update this text, I got more added slashes e.g.
first I enter
I 'm here again, it 'll enter I \'m here again in DB and then when again I update it, it becomes, I \\\'m here again and then on other update, it becomes, I \\\\\\\'m here again and so on...

Please let me know what should I do to avoid it?

TIA
User avatar
nissar
Forum Newbie
Posts: 10
Joined: Tue Jul 31, 2007 4:37 am

Post by nissar »

Use stripslashes() function when displaying in the page (or in the form).
miro_igov
Forum Contributor
Posts: 485
Joined: Fri Mar 31, 2006 5:06 am
Location: Bulgaria

Post by miro_igov »

stripslashes() is not good if you display the text in <input type="text" name="bla" value="<?php echo $result['bla'] ?>"> because the string will be trimmed if it contains quotes.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: every time i get more slashes with my text

Post by superdezign »

amir wrote:Hello
I am inserting About Me text into my DB and whenever I update this text, I got more added slashes e.g.
first I enter
I 'm here again, it 'll enter I \'m here again in DB and then when again I update it, it becomes, I \\\'m here again and then on other update, it becomes, I \\\\\\\'m here again and so on...

Please let me know what should I do to avoid it?

TIA
Turn off magic_quotes.

miro_igov wrote:stripslashes() is not good if you display the text in <input type="text" name="bla" value="<?php echo $result['bla'] ?>"> because the string will be trimmed if it contains quotes.
You are supposed to use htmlspecialchars() when echoing data into an HTML element anyway.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Magic quotes doesn't need to be off. Your code needs to support it being on and off.

get_magic_quotes_gpc() + stripslashes() for the normalization of submission data.. then whatever escaping function required by your database of choice. No need to stripping on the return end if done correctly.
Post Reply