Addslashes - Stripslashes problem

[Zeradin]

I am trying to send titles and information to an SQL table. It was messing up with apostrophes so I added slahes.

 

$title = $_POST['title'];
$info = $_POST['info'];
$info2 = addslashes($info);
$title2 = addslashes($title);

 

And I send it to an xml file:

$output = '<?xml version="1.0"?>';
$output.= "<venue>\n";
$output.= "<title>".$title2."</title>\n";
$output.= "<picture>".$image."</picture>\n";
$output.= "<website>".$website."</website>\n";
$output.= "<add1>".$add1."</add1>\n";
$output.= "<add2>".$add2."</add2>\n";
$output.= "<phone>".$phone."</phone>\n";
$output.= "<info>".$info2."</info>\n";
$output.="</venue>\n";

 

Then when I read out the info like this:

 

$file = "reviews/xml/".$id.".xml";
$xml = simplexml_load_file($file) or die ("Unable to load XML file!");
$title = $xml->title;
stripslashes($title);
echo '<table width="100%" border="0" cellspacing="3" cellpadding="3">';
echo '<tr>
    	<td colspan=2>
	 <span class="venuetitle"> 
	 <strong>'.$xml->title.'</strong> 
	 </span>
 	</td>
 	<td valign="top" align="right">

 

I still get slashes on the page. Why?

[lemmin]

Because you are putting the string with slashes into the variables $info2 and $title2 and stripping slashes from the variable $title, which you don't ever set to anything so it doesn't do anything, anyway.

 

Use your slashed string variables ($info2 and $title2) in the query and then go back to using the original ones ($info and $title) afterwards. Or better yet, leave the variables alone and do the query like:

$qry = "SELECT * FROM Table WHERE something = ".addslashes($info);

[sKunKbad]

This line:

 

<strong>'.$xml->title.'</strong>

 

should be:

 

<strong>'.$title.'</strong>

[Zeradin]

oh yeah. awesome thanks! both were really useful