Jump to content

Addslashes - Stripslashes problem


Zeradin

Recommended Posts

I am trying to send titles and information to an SQL table. It was messing up with apostrophes so I added slahes.

 

$title = $_POST['title'];
$info = $_POST['info'];
$info2 = addslashes($info);
$title2 = addslashes($title);

 

And I send it to an xml file:

$output = '<?xml version="1.0"?>';
$output.= "<venue>\n";
$output.= "<title>".$title2."</title>\n";
$output.= "<picture>".$image."</picture>\n";
$output.= "<website>".$website."</website>\n";
$output.= "<add1>".$add1."</add1>\n";
$output.= "<add2>".$add2."</add2>\n";
$output.= "<phone>".$phone."</phone>\n";
$output.= "<info>".$info2."</info>\n";
$output.="</venue>\n";

 

Then when I read out the info like this:

 

$file = "reviews/xml/".$id.".xml";
$xml = simplexml_load_file($file) or die ("Unable to load XML file!");
$title = $xml->title;
stripslashes($title);
echo '<table width="100%" border="0" cellspacing="3" cellpadding="3">';
echo '<tr>
    	<td colspan=2>
	 <span class="venuetitle"> 
	 <strong>'.$xml->title.'</strong> 
	 </span>
 	</td>
 	<td valign="top" align="right">

 

I still get slashes on the page. Why?

Link to comment
https://forums.phpfreaks.com/topic/120437-addslashes-stripslashes-problem/
Share on other sites

Because you are putting the string with slashes into the variables $info2 and $title2 and stripping slashes from the variable $title, which you don't ever set to anything so it doesn't do anything, anyway.

 

Use your slashed string variables ($info2 and $title2) in the query and then go back to using the original ones ($info and $title) afterwards. Or better yet, leave the variables alone and do the query like:

$qry = "SELECT * FROM Table WHERE something = ".addslashes($info);

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.