[SOLVED] Escapism

[rarebit]

Hi,

I seem to be having trouble with the whole escaping and htmlspecialchars thing...

 

I've set up my own way of installing data into mysql. When installing I parse the data with 'mysql_real_escape_string()', before inserting.

 

Then later when it's put into a form element I 'strip_tags()' and 'htmlspecialchars()', yet it still outputs '\ in the form, in actual fact outputting \’ .

 

However if I delete the offending slash then update the form it's ok. It's also ok when I input data directly into the form and update (multiple times...) and that uses the same process as when it's installed. So why the difference and how to solve please?

 

Rob

[joquius]

stripslashes($text);?

 

And if you don't want html tags you're better off using:

 

$text = str_replace ("<", ">", $text);

$text = str_replace (">", "<", $text);

 

I may have greater-than and less-than mixed up, I can never remember which is which.

[papaface]

stripslashes($text);?

 

And if you don't want html tags you're better off using:

 

$text = str_replace ("<", ">", $text);

$text = str_replace (">", "<", $text);

 

I may have greater-than and less-than mixed up, I can never remember which is which.

strip_tags(), would be easier

[rarebit]

mmm, i'd forgotten to mention stripslashes. Yet after a couple of hours of mind numbing check, uninstalling and installing, I realise it's actually one of the modules and not the base system and here it is already pre-escaped and therefore escaped on both parts...

 

Sorry about that and thanks!