Canman2005 Posted November 29, 2008 Share Posted November 29, 2008 Hi all I am using mysql_real_escape_string when posting any data from a form to a QUERY, but I am getting an increasing number of slashes appearing, sometimes as many as 7 or 8 of them per value. I am using strip the php strip slashes funtion to remove them, but it does seem to be leaving some values with slashes in them How can I strip all slashes? thanks Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted November 29, 2008 Share Posted November 29, 2008 Please post the code you're using. Ken Quote Link to comment Share on other sites More sharing options...
Canman2005 Posted November 29, 2008 Author Share Posted November 29, 2008 when posting data or when displaying data? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted November 29, 2008 Share Posted November 29, 2008 Both. Ken Quote Link to comment Share on other sites More sharing options...
Canman2005 Posted November 29, 2008 Author Share Posted November 29, 2008 For posting $data = mysql_real_escape_string($_POST['datafield']); for printing print stripslashes($recentitemsrow['data']); but it still seems to leave tons of slashes Quote Link to comment Share on other sites More sharing options...
corbin Posted November 29, 2008 Share Posted November 29, 2008 I bet magic_quotes is on.... Ewwww. Try to get it disabled if it is on. Quote Link to comment Share on other sites More sharing options...
Canman2005 Posted November 29, 2008 Author Share Posted November 29, 2008 If I get it disabled, could it effect anything else? Also, if I get it disabled, would I need to go and manually remove all slashes or would strip slashes sort that out? Quote Link to comment Share on other sites More sharing options...
Barand Posted November 29, 2008 Share Posted November 29, 2008 function clean($str) { $str = (get_magic_quotes_gpc()) ? stripslashes($str) : $str; return mysql_real_escape_string($str); } $var = clean($_POST['var']); $sql = "INSERT INTO mytable (myvar) VALUES ('$var')"; Quote Link to comment Share on other sites More sharing options...
trq Posted November 29, 2008 Share Posted November 29, 2008 Also, there should be no need to use stripslashes when displaying data from the database. It shouldn't actually be stored with slashes in place. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.