hi all
I am try to insert the value like "test's"..
I Pass the value through test box;
If we retrive the value using $_REQUEST['text'];
then I insert to database in database it insert as test/'s.
Is there any way to handle this..
handling escape sequence
Moderator: General Moderators
handling escape sequence
What you have to do is while inserting data add 'addslashes' and while fetching the data from the table use 'stripslashes', like this way:
Code: Select all
$var="test's";
$testdata=addslashes($var);
/////while fetching write ///
stripslashes($row['testdata']);Like i said, you have magic_quotes on, so it auto adds slashes, and when outputting data you just need to strip slashes, like i said...
Zoxive wrote:stripslashes might be what you want when echoing the data back out.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
get_magic_quotes() was a terrible mistake and we now have to deal with some server configurations to fix this mistake.
Using this, we can eliminate the effects of magic quotes with the added benefit of using mysql_real_escape_string().. which I might add should be used on all incomming strings, the same as numerical should use intval() or typecasting.
Code: Select all
function escape($input)
{
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
return mysql_real_escape_string($input);
}- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
This should only be used on request data, as magic_quotes only operates on request data. Otherwise, you could possibly remove slashes that you intended to keep.Jcart wrote:get_magic_quotes() was a terrible mistake and we now have to deal with some server configurations to fix this mistake.
Using this, we can eliminate the effects of magic quotes with the added benefit of using mysql_real_escape_string().. which I might add should be used on all incomming strings, the same as numerical should use intval() or typecasting.Code: Select all
function escape($input) { if (get_magic_quotes_gpc()) { $input = stripslashes($input); } return mysql_real_escape_string($input); }