wigglesby Posted January 13, 2010 Share Posted January 13, 2010 Hi I have some data in my db, which is inserted into a form. As some of the text is in " it's " with single quote, it inserts with a \' into the db. This is all fine, the problem is I'm wanting to use nl2br, which finds all the \r\n and outputs a break. But this still outputs the it\'s string. I have the following: $json_out = nl2br(stripslashes($mtj->get_json())); But using stripslashes removes the \ form the it\'s but then outputs the rn minus theri slashes. Anyway I can round this? Thanks Quote Link to comment Share on other sites More sharing options...
ignace Posted January 13, 2010 Share Posted January 13, 2010 $json_out = stripslashes(nl2br($mtj->get_json())); Quote Link to comment Share on other sites More sharing options...
trq Posted January 13, 2010 Share Posted January 13, 2010 If you are having backslashes inserted into your database your data is not being escaped properly. You should check if magic quotes is enabled, and if it is strip all slashes from your data then apply mysql_real_escape_string to it prior to placing it within your database. Quote Link to comment Share on other sites More sharing options...
wigglesby Posted January 13, 2010 Author Share Posted January 13, 2010 Ok, I'm using: $content = mysql_real_escape_string($_POST['content']); To insert the text. Do I need to add stripslashes before the real_escape_string function? $content = stripslasges(mysql_real_escape_string($_POST['content'])); The code: $json_out = stripslashes(nl2br($mtj->get_json())); didn't work Thanks Quote Link to comment Share on other sites More sharing options...
trq Posted January 13, 2010 Share Posted January 13, 2010 Ok, I'm using: $content = mysql_real_escape_string($_POST['content']); To insert the text. Do I need to add stripslashes before the real_escape_string function? If magic quotes are enabled, yes. if (get_magic_quotes_gpc()) { $content = stripslashes($_POST['content']); } else { $content = $_POST['content']; } $content = mysql_real_escape_string($content); Quote Link to comment Share on other sites More sharing options...
Adam Posted January 13, 2010 Share Posted January 13, 2010 Sounds like you may have magic quotes turned on. What does get_magic_quotes_gpc return? -- thorpe beat me too it, kinda. I think your best bet would be to disable, if it is enabled, it to be honest. Quote Link to comment Share on other sites More sharing options...
wigglesby Posted January 13, 2010 Author Share Posted January 13, 2010 Ok: echo get_magic_quotes_gpc(); Returned 1, so I guess magic quotes is turned on.... $json_out = nl2br($mtj->get_json()); This seemed to work as well. Cheers guys Quote Link to comment Share on other sites More sharing options...
wigglesby Posted January 13, 2010 Author Share Posted January 13, 2010 Ok, so it works for some but not others: if (get_magic_quotes_gpc()) { $good_practice = stripslashes($_POST['good_practice']); $investment_return = stripslashes($_POST['investment_return']); } else { $good_practice = $_POST['good_practice']; $investment_return = $_POST['investment_return']; } $good_practice = mysql_real_escape_string($_POST['good_practice']); $investment_return = mysql_real_escape_string($_POST['investment_return']); On output it will still output the following: it\'s Any idea why? Thanks Quote Link to comment Share on other sites More sharing options...
Adam Posted January 13, 2010 Share Posted January 13, 2010 Should be: $good_practice = mysql_real_escape_string($good_practice); $investment_return = mysql_real_escape_string($investment_return); Quote Link to comment Share on other sites More sharing options...
wigglesby Posted January 13, 2010 Author Share Posted January 13, 2010 Oh yeah Cheers everyone! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.