slashes in web forms

[turtleman8605]

How do I get a web form to not add slashes when someone inputs a quote in a text field?

 

For example see www.morseavenuedesign.com/CinemaSightLines.com/sample_forum.php

[Fergusfer]

How do I get a web form to not add slashes when someone inputs a quote in a text field?

 

For example see www.morseavenuedesign.com/CinemaSightLines.com/sample_forum.php

 

That depends on how and why the slashes are being added.  It's difficult to diagnose the problem without the code.  I have seen this problem manifest when code escaped strings twice before submitting it to the database, resulting in some of the escape characters themselves being saved.

[per1os]

For database entry, I suggest using this function to escape the data instead of "addslashes" if that is what you are using.

<?php
function myEscape($string) {
       return  get_magic_quotes_gpc()?addcslashes(stripslashes ($string), "\x00\n\are\\'\"\x1a" ):addcslashes($string, "\x00\n\are\\'\"\x1a" );
}

foreach ($_REQUEST as $key => $val) {
      $_REQUEST[$key] = myEscape($val);
}
?>

 

If you just want to strictly display/email the data than I would do this:

 

<?php
foreach ($_REQUEST as $key => $val) {
         $_REQUEST[$key] = stripslashes($val);
}
?>

 

Note I used $_REQUEST because unsure if you are using get or post, feel free to substitute either or.

[wintallo]

Yah, you need to use stripslashes() to... strip the slashes  wherever in your code where you output the database data.

 

Also, when inputting data into the mySQL, I would use mysql_real_escape_string() as apposed to addslashes().

[turtleman8605]

Thanks a lot. That worked perfectly.