dsjoes Posted January 29, 2011 Share Posted January 29, 2011 when i upload a link using the form below it adds \ into it like this <a href=\"http://www.google.co.uk\" target=\"_blank\">test</a> and the link is unusable with them any way to stop this <?php include("dbinfo.inc.php"); mysql_connect($localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query="SELECT * FROM News WHERE id='$id'"; $result=mysql_query($query); $num=mysql_numrows($result); mysql_close(); $i=0; while ($i < $num) { $News=mysql_result($result,$i,"News"); ?> <form action="updated.php"> <input type="hidden" name="ud_id" value="<? echo "$id"; ?>"> News:<br> <TEXTAREA NAME="ud_News" COLS=40 ROWS=6><? echo "$News"?></TEXTAREA><br> <input type="Submit" value="Update"> </form> <?php ++$i; } ?> Link to comment https://forums.phpfreaks.com/topic/226091-php-submit-link-problem/ Share on other sites More sharing options...
litebearer Posted January 30, 2011 Share Posted January 30, 2011 I suspect it is due to how you 'formatted' the information when you initially inserted it into the database. We would need to see that coding also. (note: why are you using mysql_close BEFORE you finish accessing the data?) Link to comment https://forums.phpfreaks.com/topic/226091-php-submit-link-problem/#findComment-1167132 Share on other sites More sharing options...
Pikachu2000 Posted January 30, 2011 Share Posted January 30, 2011 Post the output of anything that starts with 'magic_quotes' from phpinfo. Link to comment https://forums.phpfreaks.com/topic/226091-php-submit-link-problem/#findComment-1167133 Share on other sites More sharing options...
dsjoes Posted January 30, 2011 Author Share Posted January 30, 2011 Post the output of anything that starts with 'magic_quotes' from phpinfo. magic_quotes_gpc On On magic_quotes_runtime Off Off magic_quotes_sybase Off Off Link to comment https://forums.phpfreaks.com/topic/226091-php-submit-link-problem/#findComment-1167136 Share on other sites More sharing options...
Pikachu2000 Posted January 30, 2011 Share Posted January 30, 2011 OK, when you insert the values into the database, are you using any logic strip out the slashes added by magic_quotes_gpc before using mysql_real_escape_string? If you don't, the data ends up doubly escaped resulting in a set of the slashes making its way into the database. Should look something like this for sanitizing and inserting the data: if( get_magic_quotes_gpc() ) { $value = mysql_real_escape_string(stripslashes($_POST['value'])); } else { $value = mysql_real_escape_string($_POST['value']); } Link to comment https://forums.phpfreaks.com/topic/226091-php-submit-link-problem/#findComment-1167140 Share on other sites More sharing options...
dsjoes Posted January 30, 2011 Author Share Posted January 30, 2011 OK, when you insert the values into the database, are you using any logic strip out the slashes added by magic_quotes_gpc before using mysql_real_escape_string? If you don't, the data ends up doubly escaped resulting in a set of the slashes making its way into the database. Should look something like this for sanitizing and inserting the data: if( get_magic_quotes_gpc() ) { $value = mysql_real_escape_string(stripslashes($_POST['value'])); } else { $value = mysql_real_escape_string($_POST['value']); } thanks that has worked Link to comment https://forums.phpfreaks.com/topic/226091-php-submit-link-problem/#findComment-1167145 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.