odd Backslash

[Xtremer360]

The issue I'm having is when the returned data has data to place inside of fields it does but when there isn't data then it shows a backslash and I'm not sure why? Any ideas?

 

<form action="#" id="bioForm" >
        <?php 
        while ($row = mysqli_fetch_array($groupsResult, MYSQLI_ASSOC)) {
            echo "<fieldset>
            <legend>" . $row['groupName'] . "</legend>";
            $fieldsResult = mysqli_query ( $dbc, sprintf($fieldsQuery,$row['ID']) );
            echo $fieldsQuery;
            while ($row2 = mysqli_fetch_array($fieldsResult, MYSQLI_ASSOC)) {
                echo "<div class=field required>";
                if ($row2['inputType'] == "text") {
                    echo "<label for=" . $row2['ID'] . ">" . $row2['fullName'] . "</label>";
                    echo "<input type=text name=" . $row2['ID'] . " id=" . $row2['ID'] . " class=text biofield title=" . $row2['fullName'] . " value=" . $row2['content'] . " />";     
                } elseif ($row2['inputType'] == "textarea") {
                    echo "<label for=" . $row2['ID'] . ">" . $row2['fullName'] . "</label>";
                    echo "<textarea name=" . $row2['ID'] . " id=" . $row2['ID'] . " class=textarea biofield title=" . $row2['fullName'] . " >" . $row2['content'] . "</textarea>";
                } else {
                    echo "<label for=" . $row2['ID'] . ">" . $row2['fullName'] . "</label>";
                    echo "<select name=" . $row2['ID'] . " id=" . $row2['ID'] . " class=dropdown biofield title=" . $row2['fullName'] . " >";
                    echo "<option value= >None</option>";
                    if ($styleID == 1 || $styleID == 2 || $styleID == 6) {
                        $charactersQuery = "
                        SELECT 
                            characters.ID, 
                            characters.characterName 
                        FROM 
                            characters 
                        WHERE 
                            characters.styleID = 3
                        ORDER BY 
                            characters.characterName";
                    }
                    else {
                        $charactersQuery = "
                        SELECT 
                            characters.ID, 
                            characters.characterName 
                        FROM 
                            characters 
                        WHERE 
                            characters.styleID IN (1,2,6)
                        ORDER BY 
                            characters.characterName";
                    }
                    
                    $charactersResult = mysqli_query ( $dbc, $charactersQuery ); // Run The Query
                    
                    while ( $manager_row = mysqli_fetch_array ( $charactersResult, MYSQL_ASSOC ) ) {
                            print "<option value=\"".$manager_row['ID']."\" ";
        					if($manager_row['ID'] == $row2['content']) {
        						     print " SELECTED";
        					}
                            print ">".$manager_row['characterName']."</option>\r";
                    }
                    
                    echo "</select>";
                }
                
                echo "</div>";
            }
            echo "</fieldset>";
        } 
        ?>
        <fieldset>
            <input type="hidden" name="defaultCharID" id="defaultCharID" value="<?php echo $defaultCharID; ?>" /> 
            <input type="submit" class="submit" id="editBio" title="Edit Bio" value="Edit Bio" />
        </fieldset>
    </form>

 

 

<?php

session_start(); // Access the existing session

// Include the database page
require ('../../inc/dbconfig.php');

$defaultCharID = $_SESSION['defaultCharID'];

$styleIDQuery = "
    SELECT
        characters.styleID
    FROM
        characters
    WHERE
        characters.ID = '" . $defaultCharID . "'";
$styleIDResult = mysqli_query ( $dbc, $styleIDQuery ); // Run The Query
$row = mysqli_fetch_array( $styleIDResult, MYSQL_ASSOC );
$styleID = $row[ 'styleID' ];

$groupsQuery = "
    SELECT 
        groups.* 
    FROM 
        groups 
    WHERE 
        groups.styleID = '" . $styleID . "'
    ORDER BY 
        groups.ID";
$groupsResult = mysqli_query ( $dbc, $groupsQuery ); // Run The Query

$fieldsQuery = "
    SELECT 
        fields.*,
        fieldsContent.content 
    FROM 
        fields
        INNER JOIN fieldsContent
            ON fields.ID = fieldsContent.fieldID
    WHERE 
        fields.styleID = '". $styleID . "' AND fields.groupID = '%d' AND fields.statusID = 1 AND fieldsContent.characterID = '". $defaultCharID . "'";

?>

[kenrbnsn]

Your server probably has runtime magic quotes turned on. If you have access to the php.ini file, turn them off. If you don't have access, get your hosting company to turn them off. Until that happens use stripslashes on the data before displaying it.

 

Ken

[Xtremer360]

The odd part about that is they are off and I even added stripslashes and its still showing.

[requinix]

it shows a backslash

Where?

[Xtremer360]

For the value of the text box.

[requinix]

Proper HTML might show the reason. Always use quotes for attributes, then htmlentities to escape the values. Example:

"value=\"" . htmlentities($row2['content'] . "\"

[Xtremer360]

echo "<input type=text name=" . $row2['ID'] . " id=" . $row2['ID'] . " class=text biofield title=" . $row2['fullName'] . " value=\"" . htmlentities($row2['content'] . "\" />";     

 

This is giving me an unexpected semicolon on that line. Seems odd because I have to have one at the end of that line.

[requinix]

It's because I made a typo.

[Xtremer360]

I'm not seeing the typo though.

[requinix]

Look more carefully.

htmlentities($row2['content']