Bickey
Posted January 31, 2011

I'm saving customer comments in MySQL. But when I use mysql_real_escape_string() to filter the input data, it's causing weird signs when it's displayed in the guest book (e.g. whenever there is a ' sign, the output is \'). Is it safe to have a guest book without mysql_real_escape_string(), or please suggest how I should go about creating this guest book on my website. Thanks. Bickey.

msaz87
Posted January 31, 2011

Use stripslashes when displaying the comments

Pikachu2000
Posted January 31, 2011

If stripslashes() is necessary, the problem is occurring when the data is inserted. You probably have magic_quotes_gpc() on in your php.ini and don't check for it before escaping the data for insert. You should set magic_quotes_gpc() to Off if possible. If you can't, and/or you want the code to be as portable as possible, use an escaping sequence that checks for magic_quotes_gpc(), and if on, applies stripslashes() before escaping the data.

    if( get_magic_quotes_gpc() ) {
        $data = mysql_real_escape_string(stripslashes($_POST['data']));
    } else {
        $data = mysql_real_escape_string($_POST['data']);
    }

Bickey
Posted January 31, 2011

Thank you Pikachu2000. I'll give it a try.
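
The approach in Pikachu2000's answer (remove magic-quotes slashes once, before the database step, instead of calling stripslashes() at display), shown as an added example that is not code from the thread. Assumptions: PDO with an in-memory SQLite table and a bound parameter stand in for MySQL and mysql_real_escape_string() so it runs without a server, the function names are hypothetical, and magic quotes are simulated with addslashes() on a constructed comment.

```php
<?php
// Added example: constructed input; SQLite via PDO is an assumption (the thread uses MySQL).

// Undo magic-quotes slashes once, before the value goes near the database.
// $magicQuotesOn stands in for get_magic_quotes_gpc(), which current PHP no longer has.
function normalize_input(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

function save_comment(PDO $db, string $comment): void
{
    // Bound parameter: the driver keeps the data separate from the SQL text.
    $stmt = $db->prepare('INSERT INTO guestbook (comment) VALUES (:comment)');
    $stmt->execute([':comment' => $comment]);
}

function render_comments(PDO $db): array
{
    $out = [];
    foreach ($db->query('SELECT comment FROM guestbook ORDER BY id') as $row) {
        // Encode for HTML at display time; stripslashes() does not belong here.
        $out[] = htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, comment TEXT)');

// Constructed sample: what the visitor typed, and what the script receives
// when magic_quotes_gpc is on (it applied addslashes() to request data).
$typed    = "It's a <b>great</b> site";
$received = addslashes($typed);

// Row 1: slashes left in place, so the backslash is stored and later displayed.
save_comment($db, $received);
// Row 2: slashes removed first, so the comment is stored as typed.
save_comment($db, normalize_input($received, true));

foreach (render_comments($db) as $line) {
    echo $line, PHP_EOL;
}
```

The first row reproduces the stray backslash from the question; the second is stored as typed, and both are HTML-encoded on output so markup in a comment is shown as text rather than rendered.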