showing a slash in an apostrophe'd name

[ginerjm]

With the help of this forum I have learned to use json-encode to take the results of a mysql query in php and build a JS array to use in a JS function on my page to supply looked up names in response to a entered number value.  Works great!  The code that displays the results is the same code (same exact lines) thta gets used on a copule of different screens for different purpose.  Here's the problem.

 

I created a new screen layout using the code by adding some line breaks basically using html to re-arrange my input screen to make a better layout for printing.  That's all.  But - on 2 of my screens names stored in my table such as O'Meara show up just fine, on the 3rd (new) screen this name shows up as O\'Meara.  Thinking that I probably needed to add the slash to the database and then use PHP "stripslashes" to remove it when I retrieved it, I added that to my query results process.  It still shows up with the slash.  In fact, I played around and added an apostrophe to another entry on the table and re-ran the code and now I get a \ in both names, but only on the one screen.  So - I went back and removed the slash from the one table entry that I put it in and it still shows up on this one screen with a slash. 

 

I am absolutely positive that the same line of html/php is producing the output for all 3 screens, so what could be doing this in one situation only? I've looked at the html file that is being displayed and there is no embedded \ character in the guy's name, EXCEPT in the place where the html is displaying it in the value= parameter.  The JS array does not have a \ character in hte guy's array element. 

 

Some code pieces below

this is how I retrieve the data from the table and build the php array:
$golfers["$gnum"] = stripslashes($row['golfer']);

this is how I create the js array: 
var jsgolfers = <?php echo json_encode($golfers); ?>;

this is how I retrieve the array element and place in into the html input tag (name="pickname"+a number in 'str')
document.getElementById("pickname"+str).value = stripslashes(jsgolfers[choice]);

 

[Adam]

If your data contains slashes you should look at how they're getting in originally, not how to remove them as you're getting it out. If you correctly escape the data as you insert it, there shouldn't be slashes within it. It's possible your server has magic quotes enabled and you're double escaping the data or something, in which case I would look at trying to disable it.

 

You should always use the DBMS' built-in function to escape data; if you're using MySQL then it would be the mysql_real_escape_string function. That will escape certain characters within the string for insertion, but as inserted they will simply escape each character's special meaning and not actually get inserted themselves - which is what should happen. Then when you extract the data, you won't need to use stripslashes() or anything (although a different type of escaping should be done to prevent XSS - look at htmlentities and htmlspecialchars).