Nightasy Posted October 8, 2013 Share Posted October 8, 2013 Greetings all, I have a question about escaping characters prior to entering a field into a database and than echo'ing that escaped data back onto a page. My problem is that the slash marks are echo'ing out of the database onto another page. For instance if I were to do something along the lines of: $hpintrotitle = mysqli_real_escape_string($connect, trim($_POST['hpintrotitle'])); $q = "UPDATE homepage SET mstitle='$hpintrotitle' WHERE msid='1' LIMIT 1"; $r = @mysqli_query($connect, $q); If I place the word "You've" or "Isn't" into that field when I echo it out from the database it comes back as "You\'ve" or "Isn\'t" I know this is probably basic stuff but I apparently missed this lesson in school. Any help would be appreciated. Side note: I am bringing this data back as an array using something along these lines: $rowintro = mysqli_fetch_array ($rintro, MYSQLI_NUM); echo $rowintro[0]; echo $rowintro[1]; and so on.... Thanks for taking a look. Link to comment https://forums.phpfreaks.com/topic/282811-php-escaped-characters/ Share on other sites More sharing options...
Nightasy Posted October 8, 2013 Author Share Posted October 8, 2013 Well, apparently stripslashes solves this issue. Are there other ways besides stripslashes or preg_replace? Link to comment https://forums.phpfreaks.com/topic/282811-php-escaped-characters/#findComment-1453088 Share on other sites More sharing options...
AbraCadaver Posted October 8, 2013 Share Posted October 8, 2013 You're vars are coming from $_GET or $_POST? If so then magic_quotes_gpc is enabled and adds slashes before populating the get or post vars. Normally you'd disable magic_quotes_gpc and not rely on them, but if they happen to be enabled then you could do this in a main included file that is executed before any code that uses get or post vars: if(get_magic_quotes_gpc()) { $_GET = array_map('stripslashes', $_GET); $_POST = array_map('stripslashes', $_POST); $_COOKIE = array_map('stripslashes', $_COOKIE); } Similarly there is magic_quotes_runtime. Link to comment https://forums.phpfreaks.com/topic/282811-php-escaped-characters/#findComment-1453091 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.