[SOLVED] please help with strip slashes

[RyanSF07]

Hi guys,

 

I have the strip_slashes and add_slashes working well on different pages.

 

However, on this particular page where one can "edit" information in a form, the following code fails.

 

How does it fail? Well, in the form generated by the following code, only text without quotes and slashes displays.

 

That is, if there is a row in the database like: non quoted text  -- it displays in the form without trouble.

 

But, if there is a row of text in the database like: quoted \"text\"  -- it displays only: quoted

 

The quoted text is dropped completely.

 

How can I get around this?

 

Can you please suggest a different way of using strip_slashes? -- as the way I'm using it isn't working here:

 

<?php
$id = $_GET[id];
$_SESSION[editQ] = $id;
$update = $_POST['update'];
$question3 = $_POST['question'];
$question4 = addslashes($question3); 
$opt1 = $_POST['opt1'];
$opt2 = $_POST['opt2'];
$opt3 = $_POST['opt3'];
$answer = $_POST['answer'];

if($id) {
$sql = "SELECT * FROM $table WHERE id=$id";
$query_result = mysql_query($sql);
$myrow = mysql_fetch_array($query_result);

$question1 = $myrow["question"]; 
$question2 = stripslashes($question1); 

?>

Edit this question.
<form action="edit_this_q_processor.php?id=$_SESSION[editQ]" method="post">
<input type="hidden" name="id" value="<?php echo $myrow[id]?>">
    <b>Question:</b><br>
    <input type="Text" name="question" value="<?php echo $question2 ?>" size="50">
    <br>
    <b>Option 1:</b><br>
    <input type="Text" name="opt1" value="<?php echo $myrow[opt1]?>" size="40">
    <br>
    <b>Option 2:</b><br>
    <input type="Text" name="opt2" value="<?php echo $myrow[opt2]?>" size="40">
    <br>
    <b>Option 3:</b><br>
    <input type="Text" name="opt3" value="<?php echo $myrow[opt3]?>" size="40">
    <br>
    <b>Answer</b> (must be identical to correct option):<br>
    <input type="Text" name="answer" value="<?php echo $myrow[answer]?>" size="40">
    <br>
    <br>
<input type="Submit" name="update" value="Update Question"></form>
<?
}

?>

 

Thank you very much!

 

Ryan

[per1os]

You should never have to stripslashes coming out of the database.

 

If you are it means that you double escaped the data going into the database.

 

www.php.net/get_magic_quotes_gpc

 

Use that to determine if the data is already escaped. If that is true it means slashes were already added to the data via addslashes.

 

But yea, rule of thumb is you should never use stripslashes on data coming out of a database.

[RyanSF07]

I'm new at all this, but I've so far been told to leave magic_quotes off in the php.ini file, and use add_slashes and strip_slashes in the code.

 

In other places, this works well. But here, not so.

 

Magic_quotes is off.

[per1os]

Magic_quotes is off than I would suggest using www.php.net/mysql_real_escape_string  instead of add slashes.

 

Also you should never have to strip_slashes of data coming out of a database. Because once the escaped data enters the DB MySQL automatically removes those slashes for you.

 

Striping the data does not adverse affects until you have \ in your code, than stripslashes will make sure that goes away.

[RyanSF07]

fixed it with:

 

<input type="Text" name="question" value='<?php echo stripslashes($myrow["question"]); ?>' size="50">