spacepoet Posted December 13, 2010 Share Posted December 13, 2010 Hi: Is this the proper way to remove slashes from apostrophes: if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string(stripslashes($_POST['myTitle'])); $myDesc = mysql_real_escape_string(stripslashes($_POST['myDesc'])); $myHeader = mysql_real_escape_string(stripslashes($_POST['myHeader'])); $mySubHeader = mysql_real_escape_string(stripslashes($_POST['mySubHeader'])); $myPageData = mysql_real_escape_string(stripslashes($_POST['myPageData'])); It seems to work fine, I'd just like to clarify I'm not missing anything. Thanks! Link to comment https://forums.phpfreaks.com/topic/221545-strip-slashes/ Share on other sites More sharing options...
AbraCadaver Posted December 13, 2010 Share Posted December 13, 2010 You really only need to strip slashes if magic_quotes is enabled: if(get_magic_quotes_gpc()) { $_POST = array_map('stripslashes', $_POST); } A lot less typing Link to comment https://forums.phpfreaks.com/topic/221545-strip-slashes/#findComment-1146823 Share on other sites More sharing options...
spacepoet Posted December 13, 2010 Author Share Posted December 13, 2010 Hi: I'm sure magic_quotes is because whenever I use an apostrophe in a text field or textarea, a "slash" gets added. But adding the "stripmagicslashes" like I did fixed it. What you posted, can that be used as an included file - like a functions library - to remove slashes? Thanks. Link to comment https://forums.phpfreaks.com/topic/221545-strip-slashes/#findComment-1146829 Share on other sites More sharing options...
AbraCadaver Posted December 13, 2010 Share Posted December 13, 2010 Hi: I'm sure magic_quotes is because whenever I use an apostrophe in a text field or textarea, a "slash" gets added. But adding the "stripmagicslashes" like I did fixed it. What you posted, can that be used as an included file - like a functions library - to remove slashes? Thanks. This is useful if you are on shared hosting, may move hosts and/or distribute your app to others. If so, then yes it could be part of an include that you use to initialize your app. If you have and always will have control of your server settings then this isn't needed. Link to comment https://forums.phpfreaks.com/topic/221545-strip-slashes/#findComment-1146832 Share on other sites More sharing options...
spacepoet Posted December 13, 2010 Author Share Posted December 13, 2010 I believe I just answered my own question: include('../include/myCodeLib.php'); myCodeLib.php <?php //STRIP SLASHES if(get_magic_quotes_gpc()) { $_POST = array_map('stripslashes', $_POST); } ?> Page.php if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string($_POST['myTitle']); $myDesc = mysql_real_escape_string($_POST['myDesc']); $myHeader = mysql_real_escape_string($_POST['myHeader']); $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']); $myPageData = mysql_real_escape_string($_POST['myPageData']); Seems to work just fine! Thanks for the tip! Link to comment https://forums.phpfreaks.com/topic/221545-strip-slashes/#findComment-1146835 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.