
"What's new to the site?" shows up as "What\'s new to the site?".

 

Why is this? How can I prevent this?

 

How it is run through the site:

$pagetitle = mysqli_real_escape_string ($mysqli, $pagetitle);
$pagetitle = cleansafelynow($pagetitle);

 

I did google this problem and nothing seemed to help me. It shows up fine when not going through mysqli_real_escape_string.

 

The function used:


function cleansafelynow($var) {
if (@get_magic_quotes_gpc()) {stripslashes($var);}
strip_tags($var);
htmlspecialchars($var, ENT_QUOTES);

return $var;
}

 

I also tried stripslashes() alone, without going through the if statement, and it remains the same. Is there something I can do to remove all backslashes possibly? Or maybe a different way to accomplish this?

 

 

magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase are all off.

https://forums.phpfreaks.com/topic/269918-backslash-problem/

strip_tags() is only used once and that's when the data is coming directly from the user. And only if you actually do want to strip out anything that resembles HTML tags.

 

The only thing you truly need* is mysqli_real_escape_string() on the input just before you put it into a query, and htmlspecialchars() or htmlentities() on anything just before you put it into your HTML page. So

1. strip_tags()

2. mres when it goes into the query

3. Retrieve from database

4. htmlspecialchars() when it goes into the HTML

 

* If you haven't otherwise verified that the input is safe. Like numbers are inherently safe.

https://forums.phpfreaks.com/topic/269918-backslash-problem/#findComment-1387776

Your cleansafelynow function doesn't actually do anything the way you have it written.  You never save the results of those function calls back to $var so all you're doing is returning the same exact data you passed into the function.

 

function cleansafelynow($var) {
   if (get_magic_quotes_gpc()){
      $var=stripslashes($var);
   }
   $var=strip_tags($var);
   $var=htmlspecialchars($var, ENT_QUOTES);
   return $var;
}

 

https://forums.phpfreaks.com/topic/269918-backslash-problem/#findComment-1387777
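
The four-step order from the first reply, next to the double-processing that produces the stray backslash, as an added example that is not code from any poster in this thread. Assumptions: an in-memory SQLite database through PDO (pdo_sqlite extension) with a bound parameter takes the place of mysqli_real_escape_string() at step 2 so the script runs without a MySQL server, addslashes() stands in for what mysqli_real_escape_string() does to the quote, and the `pages` table and all function names are hypothetical.

```php
<?php
// Constructed sample input, as it might arrive from a form field.
$input = "What's new to the <b>site</b>?";

// The pattern from the original post: the SQL-escaped value overwrites the
// variable and is then reused for display. addslashes() is a stand-in for
// mysqli_real_escape_string(); both turn ' into \'.
function display_sql_escaped(string $title): string
{
    $title = addslashes($title);                          // SQL-context escaping
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); // backslash is kept
}

// Steps 1 and 2: strip tags once on input, then hand the raw text to the
// database layer. The bound parameter plays the role of escaping "just
// before the query"; nothing escaped is ever written back to a variable.
function store_title(PDO $db, string $raw): void
{
    $clean = strip_tags($raw);
    $stmt  = $db->prepare('INSERT INTO pages (title) VALUES (?)');
    $stmt->execute([$clean]);
}

// Steps 3 and 4: read the stored text and HTML-escape it only at output.
function render_title(PDO $db): string
{
    $title = $db->query('SELECT title FROM pages LIMIT 1')->fetchColumn();
    return '<h1>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</h1>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (title TEXT)');

// Escaped for SQL, then displayed: the backslash reaches the page.
echo display_sql_escaped($input), "\n";

// Each escaping applied only at its own boundary: no backslash, no tags.
store_title($db, $input);
echo render_title($db), "\n";
```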

Archived

This topic is now archived and is closed to further replies.
