Page 1 of 1

Getting rid of backslash escapes passed through GET

Posted: Tue Jul 08, 2008 6:54 pm
by cormanaz
I have a form on which I'm doing user input validation. When I find a mistake, I'm trying to pass the valid form values back to the form page via GET so the user doesn't have to re-enter them. This is all working OK except that when one of the text fields contains text with an apostrophe, it reappears with backslashes. This code reproduces the problem if you enter some text containing an apostrophe:

Code: Select all

<?php
    if ($_POST['Submit'] == 'Submit') {
            $message = urlencode($_POST['foo']);
            header("Location: test.php?msg=$message");
    }
?>
<form action="test.php" method="post" name="form" id="form">
    <input type="text" name="foo" value="<?php echo $_GET['msg']; ?>">
    <input name="Submit" type="submit" id="Submit" value="Submit">
</form>
I have tried stripslashes() to get rid of the escapes, but it only takes care of the escaped backslash--the apostrophe is still escaped. urldecode() doesn't do the trick either. What am I doing wrong?

TIA....

Steve

Re: Getting rid of backslash escapes passed through GET

Posted: Tue Jul 08, 2008 6:58 pm
by Eran
You have magic_quotes_gpc turned on in your php configuration file. It is recommended in general to have this option turned off, and it will solve your current predicament

Re: Getting rid of backslash escapes passed through GET

Posted: Wed Jul 09, 2008 10:11 am
by cormanaz
That did it, thanks!

Re: Getting rid of backslash escapes passed through GET

Posted: Wed Jul 09, 2008 10:17 am
by pickle
To make your code more portable, use get_magic_quotes_gpc()

Code: Select all

$varPassedviaGet = (get_magic_quotes_gpc()) ? stripslashes($_GET['varName']) : $_GET['varName'];