ask9 Posted April 8, 2011 Share Posted April 8, 2011 Hi guys When I insert a data into MySQL and thru addslashes() it is adding not one but 3 slashes in mysql. By the way here are the codes, <?php //$conn = new mysqli('localhost', 'root', '', 'my_db'); $conn = new mysqli('localhost', 'coder9_work', '******', 'coder9_portfolio'); $query = "INSERT into portfolio(category, title, description, version, started, finished) VALUES (?, ?, ?, ?, ?, ?)"; $select = $_POST['select']; $title = addslashes($_POST['title']); $description = $_POST['description']; $version = $_POST['version']; $started = $_POST['started']; $finished = $_POST['finished']; $stmt = $conn->stmt_init(); if($stmt->prepare($query)) { $stmt->bind_param('ssssss', $select, $title, $description, $version, $started, $finished); $stmt->execute(); } if($stmt) { echo "Thank you!"; } else { echo "There was a problem. Please try again later."; } ?> How do I fix this problem so that It will add only one slashes? Thanks in advanced. Quote Link to comment https://forums.phpfreaks.com/topic/233106-addslashes-is-adding-3-slashes/ Share on other sites More sharing options...
ask9 Posted April 8, 2011 Author Share Posted April 8, 2011 By the way here is the example data that is added in MySQL. <a href=\\\'selsosa.com\\\'>selosa</a> As you can see I'm trying to insert a HTML tag codes in the database. But addslashes is adding 3 slashes. Thanks in advanced. Quote Link to comment https://forums.phpfreaks.com/topic/233106-addslashes-is-adding-3-slashes/#findComment-1198837 Share on other sites More sharing options...
Pikachu2000 Posted April 8, 2011 Share Posted April 8, 2011 I don't believe you use any escaping, such as addslashes() (which you wouldn't normally use with MySQL anyhow) or mysql_real_escape_string() with a prepared statement. Make sure magic_quotes_gpc is off. Quote Link to comment https://forums.phpfreaks.com/topic/233106-addslashes-is-adding-3-slashes/#findComment-1198839 Share on other sites More sharing options...
ask9 Posted April 8, 2011 Author Share Posted April 8, 2011 Thanks Do I need to tell my admin server to turn that off? Or how do I turn it off using .htaccess? or php codes only? Thanks again in advanced. Quote Link to comment https://forums.phpfreaks.com/topic/233106-addslashes-is-adding-3-slashes/#findComment-1198841 Share on other sites More sharing options...
dcro2 Posted April 8, 2011 Share Posted April 8, 2011 Just check if it's on with get_magic_quotes_gpc and don't use addslashes() if it is on. Quote Link to comment https://forums.phpfreaks.com/topic/233106-addslashes-is-adding-3-slashes/#findComment-1198842 Share on other sites More sharing options...
ask9 Posted April 8, 2011 Author Share Posted April 8, 2011 Thanks guys it's working now. Problem solved. Quote Link to comment https://forums.phpfreaks.com/topic/233106-addslashes-is-adding-3-slashes/#findComment-1198844 Share on other sites More sharing options...
Pikachu2000 Posted April 8, 2011 Share Posted April 8, 2011 If you can get it turned off, that would be the preferred thing to do. If you have to do it via the .htaccess file: php_value magic_quotes_gpc off. If all else fails, you can test for it in the script, and use its inverse function, stripslashes() on incoming data. This will work as long as $_POST doesn't contain sub-arrays. If you use $_GET, or $_COOKIE data also, those would need to be handled too. if( function_exists(get_magic_quotes_gpc()) && get_magic_quotes_gpc() === TRUE ) { array_map( 'stripslashes', $_POST ); } Quote Link to comment https://forums.phpfreaks.com/topic/233106-addslashes-is-adding-3-slashes/#findComment-1198846 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.