Jump to content

Recommended Posts

Greetings all,

 

I have a question about escaping characters prior to entering a field into a database and than echo'ing that escaped data back onto a page. My problem is that the slash marks are echo'ing out of the database onto another page.

 

For instance if I were to do something along the lines of:

$hpintrotitle = mysqli_real_escape_string($connect, trim($_POST['hpintrotitle']));

$q = "UPDATE homepage SET mstitle='$hpintrotitle' WHERE msid='1' LIMIT 1";
$r = @mysqli_query($connect, $q);

If I place the word "You've" or "Isn't" into that field when I echo it out from the database it comes back as "You\'ve" or "Isn\'t"

 

I know this is probably basic stuff but I apparently missed this lesson in school. Any help would be appreciated.

 

Side note: I am bringing this data back as an array using something along these lines:

$rowintro = mysqli_fetch_array ($rintro, MYSQLI_NUM);

echo $rowintro[0];
echo $rowintro[1];

and so on....

 

Thanks for taking a look.

Link to comment
https://forums.phpfreaks.com/topic/282811-php-escaped-characters/
Share on other sites

You're vars are coming from $_GET or $_POST?  If so then magic_quotes_gpc is enabled and adds slashes before populating the get or post vars.  Normally you'd disable magic_quotes_gpc and not rely on them, but if they happen to be enabled then you could do this in a main included file that is executed before any code that uses get or post vars:

if(get_magic_quotes_gpc()) {
   $_GET = array_map('stripslashes', $_GET);
   $_POST = array_map('stripslashes', $_POST);
   $_COOKIE = array_map('stripslashes', $_COOKIE);
}

Similarly there is magic_quotes_runtime.

Edited by AbraCadaver
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.