Form automatically escapes strings?
Posted: Tue Dec 11, 2007 3:32 am
I wrote up a simple script to test out how strings are escaped, and when I run the following example, I see that anything I type into the form is automatically escaped. For example, when I type "test'test" into the form, it will print out as "test\'test" even though I don't have any code to escape it.
My question is this: Is this a result of my web browser automatically adding the slashes upon submitting the form (tested on Firefox and IE7 and the result's the same), or is my server apparently configured to automatically add the slashes when receiving form data (which would be useful, but could potentially cause me to overlook a lack of escaping and would be a real problem if I later upload to a server which doesn't support this)?
Code:
<form action="test.php" method="post">
<input type="text" name="username">
<input type="submit">
</form>
<BR><BR>
<?php
if (isset($_POST['username']))
{
print $_POST['username'];
}
?>
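
Added example, not part of the original post: browsers submit form values unmodified, and a backslash before the quote is what PHP's server-side magic_quotes_gpc setting produces. That this setting is the cause here is an assumption, since the post does not show the server configuration. The helper name raw_post is hypothetical; the sketch normalizes the input so it behaves the same on any server and then escapes for the output context.

```php
<?php
// Added example. raw_post() is a hypothetical helper, not from the original post.

// Constructed sample input so the script also runs from the command line.
if (PHP_SAPI === 'cli') {
    $_POST['username'] = "test'test";
}

/**
 * Return a POST field as the browser sent it, or null if absent.
 * When magic_quotes_gpc is enabled (PHP < 5.4), PHP runs addslashes()
 * on GET/POST/COOKIE data before the script sees it; undo that here.
 */
function raw_post($name)
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return null;
    }
    $value = $_POST[$name];
    // get_magic_quotes_gpc() was removed in PHP 8, so guard the call.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

$username = raw_post('username');
if ($username !== null) {
    // Escape for the context being written to. This is HTML output,
    // so use htmlspecialchars(); for SQL use prepared statements
    // instead of relying on the added slashes.
    print htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
}
?>
```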