mcmuney Posted September 19, 2006 Share Posted September 19, 2006 I'm using a script to send messages to members within my site, but the form doesn't accept html. Plus, everywhere there's ' is used, on reply it adds a bunch of \\\\\'. I've narrowed this problem down to the following lines (particularly the htmlspecialchars and addslashes). Any help to explain this would be greatly appreciated:[code]$subject = htmlspecialchars($subject);$body = htmlspecialchars($body);$sql="INSERT INTO `sc_messages` (`smg_from`, `smg_to`, `smg_subject`, `smg_body`, `smg_postdate`,`smg_block` ) VALUES ('$social_mem_id','$scm_mem_id ','$subject','".addslashes($body)."','$time','$smg_block')";[/code] Quote Link to comment Share on other sites More sharing options...
shortj75 Posted September 19, 2006 Share Posted September 19, 2006 did you try to use stripslashes like so[code]$body = $_POST['body'];$body = stripslashes($body);[/code]that should remove the //////but i did notice that you are useing addslashes($body) that will add the /////// so change addslashes to stripslashes and that should solve your problem Quote Link to comment Share on other sites More sharing options...
mcmuney Posted September 20, 2006 Author Share Posted September 20, 2006 Strange, if I replace "addslashes" with "stripslashes", it no longer writes to the database. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.