Nightasy Posted October 8, 2013 Share Posted October 8, 2013 Greetings all, I have a question about escaping characters prior to entering a field into a database and than echo'ing that escaped data back onto a page. My problem is that the slash marks are echo'ing out of the database onto another page. For instance if I were to do something along the lines of: $hpintrotitle = mysqli_real_escape_string($connect, trim($_POST['hpintrotitle'])); $q = "UPDATE homepage SET mstitle='$hpintrotitle' WHERE msid='1' LIMIT 1"; $r = @mysqli_query($connect, $q); If I place the word "You've" or "Isn't" into that field when I echo it out from the database it comes back as "You\'ve" or "Isn\'t" I know this is probably basic stuff but I apparently missed this lesson in school. Any help would be appreciated. Side note: I am bringing this data back as an array using something along these lines: $rowintro = mysqli_fetch_array ($rintro, MYSQLI_NUM); echo $rowintro[0]; echo $rowintro[1]; and so on.... Thanks for taking a look. Quote Link to comment https://forums.phpfreaks.com/topic/282811-php-escaped-characters/ Share on other sites More sharing options...
Nightasy Posted October 8, 2013 Author Share Posted October 8, 2013 Well, apparently stripslashes solves this issue. Are there other ways besides stripslashes or preg_replace? Quote Link to comment https://forums.phpfreaks.com/topic/282811-php-escaped-characters/#findComment-1453088 Share on other sites More sharing options...
AbraCadaver Posted October 8, 2013 Share Posted October 8, 2013 (edited) You're vars are coming from $_GET or $_POST? If so then magic_quotes_gpc is enabled and adds slashes before populating the get or post vars. Normally you'd disable magic_quotes_gpc and not rely on them, but if they happen to be enabled then you could do this in a main included file that is executed before any code that uses get or post vars: if(get_magic_quotes_gpc()) { $_GET = array_map('stripslashes', $_GET); $_POST = array_map('stripslashes', $_POST); $_COOKIE = array_map('stripslashes', $_COOKIE); } Similarly there is magic_quotes_runtime. Edited October 8, 2013 by AbraCadaver Quote Link to comment https://forums.phpfreaks.com/topic/282811-php-escaped-characters/#findComment-1453091 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.