RyanSF07 Posted July 11, 2007 Share Posted July 11, 2007 Hi guys, I have the strip_slashes and add_slashes working well on different pages. However, on this particular page where one can "edit" information in a form, the following code fails. How does it fail? Well, in the form generated by the following code, only text without quotes and slashes displays. That is, if there is a row in the database like: non quoted text -- it displays in the form without trouble. But, if there is a row of text in the database like: quoted \"text\" -- it displays only: quoted The quoted text is dropped completely. How can I get around this? Can you please suggest a different way of using strip_slashes? -- as the way I'm using it isn't working here: <?php $id = $_GET[id]; $_SESSION[editQ] = $id; $update = $_POST['update']; $question3 = $_POST['question']; $question4 = addslashes($question3); $opt1 = $_POST['opt1']; $opt2 = $_POST['opt2']; $opt3 = $_POST['opt3']; $answer = $_POST['answer']; if($id) { $sql = "SELECT * FROM $table WHERE id=$id"; $query_result = mysql_query($sql); $myrow = mysql_fetch_array($query_result); $question1 = $myrow["question"]; $question2 = stripslashes($question1); ?> Edit this question. <form action="edit_this_q_processor.php?id=$_SESSION[editQ]" method="post"> <input type="hidden" name="id" value="<?php echo $myrow[id]?>"> <b>Question:</b><br> <input type="Text" name="question" value="<?php echo $question2 ?>" size="50"> <br> <b>Option 1:</b><br> <input type="Text" name="opt1" value="<?php echo $myrow[opt1]?>" size="40"> <br> <b>Option 2:</b><br> <input type="Text" name="opt2" value="<?php echo $myrow[opt2]?>" size="40"> <br> <b>Option 3:</b><br> <input type="Text" name="opt3" value="<?php echo $myrow[opt3]?>" size="40"> <br> <b>Answer</b> (must be identical to correct option):<br> <input type="Text" name="answer" value="<?php echo $myrow[answer]?>" size="40"> <br> <br> <input type="Submit" name="update" value="Update Question"></form> <? } ?> Thank you very much! Ryan Quote Link to comment Share on other sites More sharing options...
per1os Posted July 11, 2007 Share Posted July 11, 2007 You should never have to stripslashes coming out of the database. If you are it means that you double escaped the data going into the database. www.php.net/get_magic_quotes_gpc Use that to determine if the data is already escaped. If that is true it means slashes were already added to the data via addslashes. But yea, rule of thumb is you should never use stripslashes on data coming out of a database. Quote Link to comment Share on other sites More sharing options...
RyanSF07 Posted July 11, 2007 Author Share Posted July 11, 2007 I'm new at all this, but I've so far been told to leave magic_quotes off in the php.ini file, and use add_slashes and strip_slashes in the code. In other places, this works well. But here, not so. Magic_quotes is off. Quote Link to comment Share on other sites More sharing options...
per1os Posted July 11, 2007 Share Posted July 11, 2007 Magic_quotes is off than I would suggest using www.php.net/mysql_real_escape_string instead of add slashes. Also you should never have to strip_slashes of data coming out of a database. Because once the escaped data enters the DB MySQL automatically removes those slashes for you. Striping the data does not adverse affects until you have \ in your code, than stripslashes will make sure that goes away. Quote Link to comment Share on other sites More sharing options...
RyanSF07 Posted July 11, 2007 Author Share Posted July 11, 2007 fixed it with: <input type="Text" name="question" value='<?php echo stripslashes($myrow["question"]); ?>' size="50"> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.