Every time I submit a single or double quote to PHP, PHP escapes it with a backslash, which I can stop with stripslashes().
But my question is: is what I am doing correct? Because if I don't, it causes some real problems if it's not removed. I just figured there are lots of
open source applications out there that deal with so much data, and it would be difficult to unescape data one by one, so there must be a better way
to handle this. Is there? Or is there a specific way of handling this?
problems with escaped data
Cryophallion
Re: problems with escaped data
I assume you mean single or double quote submitted to a database? If so, then yes.
As for single and double quotes in PHP:
If you are looking for an unfiltered string (i.e., HTML code only, not variables etc. in the string, no special characters), you can use single quotes, then concatenate them with variables or double-quoted strings as necessary. However, you can't use a single quote in the string, as it will think the string is ending ( 'this won't work' BUT 'this="Will work" ').
Doubles get evaluated, and you have to escape the special characters and the doubles so the string won't think it is ending. "This string="test" will stop the string at =. So, you escape it with "this string=\"test\" "
Does that clarify it?
Re: problems with escaped data
Nah, I just turned off magic quotes and that did the trick (I meant submitted via form to PHP itself).
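
Added example, not part of the thread and not any poster's code: for code that must run on a host where magic quotes cannot be turned off, the escaping can be undone once at the entry point instead of calling stripslashes() field by field. The helper names strip_slashes_deep and magic_quotes_active and the sample array are made up for this illustration.

```php
<?php
// Added example (hypothetical helper names, constructed sample data).
// Undo magic_quotes_gpc once for the whole request instead of per field.

/** Recursively strip slashes from values, including nested form arrays. */
function strip_slashes_deep($value)
{
    return is_array($value)
        ? array_map('strip_slashes_deep', $value)
        : stripslashes($value);
}

/** True only on old PHP builds where magic_quotes_gpc exists and is on. */
function magic_quotes_active()
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so test for it first;
    // @ silences the deprecation notice PHP 7.4 raises for the call.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Run this before any other code reads the request.
// Limitation: only values are unescaped here, not array keys.
if (magic_quotes_active()) {
    $_GET    = strip_slashes_deep($_GET);
    $_POST   = strip_slashes_deep($_POST);
    $_COOKIE = strip_slashes_deep($_COOKIE);
}

// Constructed sample: a form post as magic quotes would have delivered it.
$escaped = array(
    'name' => 'O\\\'Brien',
    'tags' => array('say \\"hi\\"'),
);
var_export(strip_slashes_deep($escaped));
```

The unescaped value is raw user input: it still needs the escaping that fits where it goes next, such as bound parameters for a database query or htmlspecialchars() for HTML output.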