How do I escape the backslash after using mysql_real_escape_string?

[Lee]

Hi, I am using mysql_real_escape_string to send form input to the database and I am using CKeditor to replace the textarea. With text, everything works fine, but if I upload an image, the url gets returned like this:

\"/images/uploads/0ghfh7.jpg\"

THIS IS THE PAGE SOURCE
<img alt="\"\"" src="%5C%22/images/uploads/0ghfh7.jpg%5C%22" 
style="" 300px;="" height:="" 400px;="" float:="" right;\="">

 

I tried stripslashes on the function that echoes the output, but it doesn't seem to have cured it, so how can I escape those backslashes?

 

These are my functions:

 

// Edit homepage content
// Check the setup form and send data to database
function EditHomepage($paramHP)
{
db_connect();
if(isset($paramHP['submit'])){         

	$errors = array();	

	if(strlen($paramHP['homepagebody']) < 1) {
		$errors[] = 'Homepage body must be at least 2 characters.';
	}
	if($errors) {
		return $errors;
	} else {
		$homepageBody = mysql_real_escape_string($paramHP['homepagebody']);

		$query = sprintf ("UPDATE homepage 
		                              SET 
									      body = '$homepageBody'
										 ");
		    $result = mysql_query($query); 
    
	    if (!$result) {
			return false;
    		} else {
			return true;
    		}                           
	}
}
}


// View homepage content
function get_homepage_body()
{
	  $connection = db_connect();

    $query = 'select body from homepage'; 

		$result = mysql_query($query);		

		while ($row = mysql_fetch_array($result)) 
		{
		 echo stripslashes($row['body'];
		}

}

 

Thanks

[Wolphie]

echo stripslashes($row['body']

 

You're missing a closing bracket )

[Lee]

DOH! Thanks.

 

Unfortunately though, it still has not made any difference.

[oni-kun]

Is may seem either magic_quotes_gpc is escaping your content twice, or your text editor is (which is obvious) is incorrectly parsing your HTML. It seems to be ripping up the attributes and escaping them, including escaping the entities.

[Lee]

Hmm, maybe I'm a bit out of my depth then. The text html seems fine, the editor just seems to be escaping the double quotes before sending it to the database, which I'm guessing is being done by mysql_real_escape_string. This is what is in the database:

<strong>This is my homepage.</strong><img alt=\"\" src=\"/images/uploads/0ghfh7.jpg\" style=\"width: 300px; height: 400px; float: right;\" /><br />
<br />
Now I can rich edit this...<br />

The img alt=\"\" is not actually escaping twice, its just because I didn't enter an alt description, so it would just be alt="". Both " are being escaped once. If that is what you mean? I'm getting a bit lost with it now lol.