Jump to content

Archived

This topic is now archived and is closed to further replies.

Daen

stripslashes problem

Recommended Posts

Hi,

Got a comments form that I'm trying to get to work on my website.  People can post their writing and have others comment on it.  So, I want the comments form to send an email to the author of the story being commented on.  But, stripslashes isn't working as I expect it to.

[code]
function check_form($necessaryVars)
{
  // ... other form processing above

  $commentText = mysql_real_escape_string(nl2br($commentText));
  $subject = mysql_real_escape_string($subject)

  // insert $commentText into the database

  sendNotice($commentText, $subject);
  // end the form checking function
}

function sendNotice($commentText, $subject)
{
  $commentText = stripslashes(str_replace("<br />", "", $commentText));
  $subject = stripslashes($subject);

  echo $commentText;
  echo $subject;

  // assume necessary variables here are taken care of, except $commentText
  mail($authorEmail, $subject, $commentText, $from);
}
[/code]

$commentText is taken from a textarea on an html form.  If I input something like "Here's a comment." it comes out as "Here\'s a comment." even after the explicit call to stripslashes().  The really weird thing is it's working just fine on the call to clean up $subject.

Does anyone have any ideas as to why this might be happening?  I've got similar things happening on other pages of my site-- calls to [code]stripslashes(str_replace("<br />", "", $someText))[/code] -- and they all seem to work just great.

I appreciate the help.

Share this post


Link to post
Share on other sites
What happens if you add:

[code]<?php

$comment = $commentText;
$filter = array("'", "\"");
$replace = array('&apos;', '&quot;');
$commentText = preg_replace($filter, $replace, $comment);

?>[/code]

Share this post


Link to post
Share on other sites
Alternatively, you can maybe do:

[code]<?php
$commentText = strip_tags(htmlspecialchars($commentText));
?>[/code]

Share this post


Link to post
Share on other sites
When I try the first one I get a warning about no ending delimiter found, and I still get the slashes.  I guess if you meant for me to try the preg_replace() instead of mysql_real_escape_string(), then that might work, but I'd rather not have to do that if possible... Especially since I've never had a problem with stripslashes() before like this.  It just doesn't make any sense.

I even tried assigning a separate holder variable for the commentText before I call mysql_real_escape_string(), and somehow the slashes even get in when I use the holder variable.  It's really bizarre.

I finally got it to work by using

[code]$commentText = str_replace("\\", "", $commentText);[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.