Lee Posted April 6, 2010 Share Posted April 6, 2010 Hi, I am using mysql_real_escape_string to send form input to the database and I am using CKeditor to replace the textarea. With text, everything works fine, but if I upload an image, the url gets returned like this: \"/images/uploads/0ghfh7.jpg\" THIS IS THE PAGE SOURCE <img alt="\"\"" src="%5C%22/images/uploads/0ghfh7.jpg%5C%22" style="" 300px;="" height:="" 400px;="" float:="" right;\=""> I tried stripslashes on the function that echoes the output, but it doesn't seem to have cured it, so how can I escape those backslashes? These are my functions: // Edit homepage content // Check the setup form and send data to database function EditHomepage($paramHP) { db_connect(); if(isset($paramHP['submit'])){ $errors = array(); if(strlen($paramHP['homepagebody']) < 1) { $errors[] = 'Homepage body must be at least 2 characters.'; } if($errors) { return $errors; } else { $homepageBody = mysql_real_escape_string($paramHP['homepagebody']); $query = sprintf ("UPDATE homepage SET body = '$homepageBody' "); $result = mysql_query($query); if (!$result) { return false; } else { return true; } } } } // View homepage content function get_homepage_body() { $connection = db_connect(); $query = 'select body from homepage'; $result = mysql_query($query); while ($row = mysql_fetch_array($result)) { echo stripslashes($row['body']; } } Thanks Quote Link to comment https://forums.phpfreaks.com/topic/197734-how-do-i-escape-the-backslash-after-using-mysql_real_escape_string/ Share on other sites More sharing options...
Wolphie Posted April 6, 2010 Share Posted April 6, 2010 echo stripslashes($row['body'] You're missing a closing bracket ) Quote Link to comment https://forums.phpfreaks.com/topic/197734-how-do-i-escape-the-backslash-after-using-mysql_real_escape_string/#findComment-1037704 Share on other sites More sharing options...
Lee Posted April 6, 2010 Author Share Posted April 6, 2010 DOH! Thanks. Unfortunately though, it still has not made any difference. Quote Link to comment https://forums.phpfreaks.com/topic/197734-how-do-i-escape-the-backslash-after-using-mysql_real_escape_string/#findComment-1037705 Share on other sites More sharing options...
oni-kun Posted April 6, 2010 Share Posted April 6, 2010 Is may seem either magic_quotes_gpc is escaping your content twice, or your text editor is (which is obvious) is incorrectly parsing your HTML. It seems to be ripping up the attributes and escaping them, including escaping the entities. Quote Link to comment https://forums.phpfreaks.com/topic/197734-how-do-i-escape-the-backslash-after-using-mysql_real_escape_string/#findComment-1037716 Share on other sites More sharing options...
Lee Posted April 6, 2010 Author Share Posted April 6, 2010 Hmm, maybe I'm a bit out of my depth then. The text html seems fine, the editor just seems to be escaping the double quotes before sending it to the database, which I'm guessing is being done by mysql_real_escape_string. This is what is in the database: <strong>This is my homepage.</strong><img alt=\"\" src=\"/images/uploads/0ghfh7.jpg\" style=\"width: 300px; height: 400px; float: right;\" /><br /> <br /> Now I can rich edit this...<br /> The img alt=\"\" is not actually escaping twice, its just because I didn't enter an alt description, so it would just be alt="". Both " are being escaped once. If that is what you mean? I'm getting a bit lost with it now lol. Quote Link to comment https://forums.phpfreaks.com/topic/197734-how-do-i-escape-the-backslash-after-using-mysql_real_escape_string/#findComment-1037734 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.