Page 1 of 1
every time i get more slashes with my text
Posted: Tue Jul 31, 2007 8:21 am
by amir
Hello
I am inserting About Me text into my DB and whenever I update this text, I got more added slashes e.g.
first I enter
I 'm here again, it 'll enter I \'m here again in DB and then when again I update it, it becomes, I \\\'m here again and then on other update, it becomes, I \\\\\\\'m here again and so on...
Please let me know what should I do to avoid it?
TIA
Posted: Tue Jul 31, 2007 8:26 am
by nissar
Use stripslashes() function when displaying in the page (or in the form).
Posted: Tue Jul 31, 2007 10:01 am
by miro_igov
stripslashes() is not good if you display the text in <input type="text" name="bla" value="<?php echo $result['bla'] ?>"> because the string will be trimmed if it contains quotes.
Re: every time i get more slashes with my text
Posted: Tue Jul 31, 2007 10:57 am
by superdezign
amir wrote:Hello
I am inserting About Me text into my DB and whenever I update this text, I got more added slashes e.g.
first I enter
I 'm here again, it 'll enter I \'m here again in DB and then when again I update it, it becomes, I \\\'m here again and then on other update, it becomes, I \\\\\\\'m here again and so on...
Please let me know what should I do to avoid it?
TIA
Turn off magic_quotes.
miro_igov wrote:stripslashes() is not good if you display the text in <input type="text" name="bla" value="<?php echo $result['bla'] ?>"> because the string will be trimmed if it contains quotes.
You are supposed to use htmlspecialchars() when echoing data into an HTML element anyway.
Posted: Tue Jul 31, 2007 6:36 pm
by feyd
Magic quotes doesn't need to be off. Your code
needs to support it being on and off.
get_magic_quotes_gpc() +
stripslashes() for the normalization of submission data.. then whatever escaping function required by your database of choice. No need to stripping on the return end if done correctly.