Hardwarez Posted November 9, 2007

I have used mysql_real_escape_string() on all data that is input and stored in my db. I am using this in an edit form:

<input type="text" size="25" MAXLENGTH="100" name="client'.$i.'" value="';
$client=$row['client'];
$client=stripslashes($client);
echo $client . '"' . $j . '>

Stripslashes() seems to not work. The output goes to the first \ and stops, showing the first backslash. I.e., if the client name is Mr "Big", then the output is Mr \
darkfreaks Posted November 9, 2007

Try this function:

<?php
// Recursively apply stripslashes() to every value in an array.
function no_slashes($array)
{
    // Initialise the result so an empty input returns an empty array.
    $array_temp = array();
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            // Nested array: recurse into it.
            $array_temp[$key] = no_slashes($value);
        } else {
            $array_temp[$key] = stripslashes($value);
        }
    }
    return $array_temp;
}
?>
Hardwarez Posted November 9, 2007

That did not work. It only output <br />
kenrbnsn Posted November 9, 2007

When formatting text containing quotes to go to the browser, you have to use the htmlentities() function:

<?php
echo '<input type="text" size="25" MAXLENGTH="100" name="client'.$i.'" value="' . htmlentities($row['client'], ENT_QUOTES) .'"' . $j . '>';
?>

Ken
Hardwarez Posted November 9, 2007

Wow, ok, I don't understand why that's needed, but hey, it works now. Thanks!
GingerRobot Posted November 9, 2007

The reason why it's needed: You enclose the value of your text box in double quotes, yet your value contains a double quote. So, the browser gets confused. Is the value supposed to terminate with the first double quote it comes across? That is what it does - it doesn't 'nest' the double quotes - after all, what would happen if the value contained a single double quote? Therefore, we use the HTML character codes for the quotes inside things like values of elements.
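Added example, not code from any poster in this thread: it renders the same input field raw and HTML-encoded, parses both with PHP's DOM extension, and prints the value a parser recovers from each. The helper names and the sample client names are assumptions constructed for illustration; htmlspecialchars() is used as the narrower sibling of the htmlentities() call shown above.

```php
<?php
// Hypothetical helper: builds the field the way the thread does,
// optionally encoding the value for the HTML attribute context.
function render_input(string $name, string $value, bool $encode): string
{
    if ($encode) {
        // ENT_QUOTES converts both " and ' so either quoting style is safe.
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hypothetical helper: parses the markup and returns the value
// attribute that the <input> element actually ended up with.
function parsed_value(string $html): string
{
    $doc = new DOMDocument();
    // The raw variant is malformed; keep libxml's warnings off the output.
    libxml_use_internal_errors(true);
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input->getAttribute('value');
}

// Constructed sample values: the name from the question, and the same
// name with backslashes still in it. HTML has no backslash escaping,
// so \" ends the attribute just like a bare " does.
$samples = array('Mr "Big"', 'Mr \\"Big\\"');

foreach ($samples as $client) {
    foreach (array(false, true) as $encode) {
        $html = render_input('client1', $client, $encode);
        echo ($encode ? 'encoded: ' : 'raw:     ') . $html . "\n";
        echo '  value recovered by parser: [' . parsed_value($html) . "]\n";
    }
}
```

Escaping for SQL (mysql_real_escape_string()) and encoding for HTML output are separate steps for separate contexts; the second sample shows that any backslashes left in the stored data are displayed literally once the value is encoded.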