c_shelswell Posted May 6, 2008 Share Posted May 6, 2008 Hi, I'm sure this must be pretty easy I just don't know how to do it. How do i stop stripbackslashes from removing backslashes that a user has actually inputted? Eg a user can enter a backslash but then on returning to the page becuase i have stripbackslashes cant see the ones that should be there. Cheers Quote Link to comment Share on other sites More sharing options...
conker87 Posted May 6, 2008 Share Posted May 6, 2008 Escape it then strip them? I could never figure out how to get past this.. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 6, 2008 Share Posted May 6, 2008 Only use stripslashes() on data that has had slashes added because of addslashes() or one of the magic quotes settings. If your form data has not been processed by either addslashes() or one of the magic quotes settings, don't use stripslashes() on it. As a side note, all the magic quotes settings have been removed in php6, so everyone won't need to work around the problem of needing to remove the slashes automatically put in by php. Quote Link to comment Share on other sites More sharing options...
c_shelswell Posted May 7, 2008 Author Share Posted May 7, 2008 Trouble is I'm allowing a user to edit what they've typed so for instance. They might type "this is a \" then if they edit it they type "this is a \\" i've added it to the db using mysql_real_escape_string now when i show the entry again it's stripped the extra backslash. Any ideas? Cheers Quote Link to comment Share on other sites More sharing options...
c_shelswell Posted May 7, 2008 Author Share Posted May 7, 2008 With a bit more searching I managed to find a really useful thread. http://www.phpbuilder.com/board/showthread.php?t=10330933 hopefully this helps someone else too. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 7, 2008 Share Posted May 7, 2008 If someone enters "some text with \" in it", mysql_real_escape_string() will convert that to "some text with \\\" in it". When that is inserted into the database it will be identical to the original (the extra slashes are not inserted into the database.) When this is retrieved, you will get the original - "some text with \" in it" If you are getting anything else in the input, it means that magic_quotes_gpc is on and is escaping the data from the form. If you are getting anything else when you retrieve the data, it means that magic_quotes_runtime is on. Unfortunately, stripslashes() appears to be broken in the current php5 version and all slashes are removed. Double slashes \\ are not converted to a single \ anymore. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.