Jump to content


Photo

stripslashes problem


  • Please log in to reply
3 replies to this topic

#1 Daen

Daen
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 14 August 2006 - 05:39 PM

Hi,

Got a comments form that I'm trying to get to work on my website.  People can post their writing and have others comment on it.  So, I want the comments form to send an email to the author of the story being commented on.  But, stripslashes isn't working as I expect it to.

function check_form($necessaryVars)
{
  // ... other form processing above

  $commentText = mysql_real_escape_string(nl2br($commentText));
  $subject = mysql_real_escape_string($subject)

  // insert $commentText into the database

  sendNotice($commentText, $subject);
  // end the form checking function
}

function sendNotice($commentText, $subject)
{
   $commentText = stripslashes(str_replace("<br />", "", $commentText));
   $subject = stripslashes($subject);

   echo $commentText;
   echo $subject;

   // assume necessary variables here are taken care of, except $commentText
   mail($authorEmail, $subject, $commentText, $from);
}

$commentText is taken from a textarea on an html form.  If I input something like "Here's a comment." it comes out as "Here\'s a comment." even after the explicit call to stripslashes().  The really weird thing is it's working just fine on the call to clean up $subject.

Does anyone have any ideas as to why this might be happening?  I've got similar things happening on other pages of my site-- calls to
stripslashes(str_replace("<br />", "", $someText))
-- and they all seem to work just great.

I appreciate the help.

#2 Caesar

Caesar
  • Members
  • PipPipPip
  • Advanced Member
  • 1,025 posts

Posted 14 August 2006 - 06:08 PM

What happens if you add:

<?php

$comment = $commentText;
$filter = array("'", "\"");
$replace = array('&apos;', '&quot;');
$commentText = preg_replace($filter, $replace, $comment);

?>

PHP Ninja

#3 Caesar

Caesar
  • Members
  • PipPipPip
  • Advanced Member
  • 1,025 posts

Posted 14 August 2006 - 06:11 PM

Alternatively, you can maybe do:

<?php
$commentText = strip_tags(htmlspecialchars($commentText));
?>

PHP Ninja

#4 Daen

Daen
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 14 August 2006 - 07:38 PM

When I try the first one I get a warning about no ending delimiter found, and I still get the slashes.  I guess if you meant for me to try the preg_replace() instead of mysql_real_escape_string(), then that might work, but I'd rather not have to do that if possible... Especially since I've never had a problem with stripslashes() before like this.  It just doesn't make any sense.

I even tried assigning a separate holder variable for the commentText before I call mysql_real_escape_string(), and somehow the slashes even get in when I use the holder variable.  It's really bizarre.

I finally got it to work by using

$commentText = str_replace("\\", "", $commentText);





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users