Jump to content

Getting a forward slashes in my text whenever there is an apostrophe


Recommended Posts

I am sure someone has come accross this before:

I am putting togther a content management website, I want to insert some text into a mySQL database. I have a php page with a form to type in my text, then when a submit the info, I re-direct to a validation page to make sure that the user has caputed all the fields.

Should I leave one of the fields out, the script will redirect back to the HTTP referer page with a message below that particular field stating that "this field cannot be a null string" When the script redirects page to the page with the form, every single word that had an apostrophe, now has an apostrophe with a backslash, like so: [b]someone's is now someone\'s[/b].

I think it has something to do with my insert statement:

$query = "INSERT INTO news SET " .
"new_id = NULL, " .
"title = \"" .
$formVars["title"] . "\", " .
"description = \"" .
$formVars["description"] . "\", "
"date = \"".
$formVars["date"] . "\"";

By the way formVars variable is used for validation

Here is some code for validation:

//Validate the description for instance

if(empty($formVars["description"]))
//the description cannot be a null string
$errors["description"] =
"The description field cannot be blank.";
elseif (strlen($formVars["description"]) > 4000)
$errors["description'] =
"The description can be no longer than 4000 " .
"characters";

If I remove the backslashes from the INSERT STATEMENT, then I get a parse error ?
If I fill in all the fields, the validation script writes to the DB, and when I query the DB to display the text from the DB, I still have these back slashes ?

In mySQL DB, my field type is a BLOB,

Any Suggestions please ?

Thankyou
Eldred
You have magic quotes turned on and PHP is being "helpful". It has nothing to do with your sql statement.
Where is the array $formVars being populated?
Try this code: (I assumed that your form is being "POST"ed)
[code]<?php
//Validate the description for instance

//the description cannot be a null string
if(trim(stripslashes($_POST["description"])) == '')
     $errors["description"] = "The description field cannot be blank.";
elseif (strlen(trim(stripslashes($_POST["description"]))) > 4000)
     $errors["description'] = "The description can be no longer than 4000 characters";
else $formVar['description'] = trim(stripslashes($_POST['description']));
//
//  etc
//
$query = "INSERT INTO news SET new_id = NULL, title = '" . mysql_real_escape_string($formVars["title"]) . "', description = '" . mysql_real_escape_string($formVars["description"]) . "', date = '" . $formVars["date"] . "'";
$rs = mysql_query($query) or die('Problem with the query: ' . $query . '<br>' . mysql_error());
?>[/code]

Ken

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.