biscoe916 Posted March 9, 2008 Share Posted March 9, 2008 I have a little message board app. It works ok but for some reason PHP is adding slashes before certain punctuation.... Why? And how do i stop this? So if i were to type this into the form: Hi I'm tired. It would be displayed on the page(and entered into the database) as: Hi I\'m tired. How can i fix this. Is the fact that im using: mysql_real_escape_string(); the problem? Quote Link to comment Share on other sites More sharing options...
rubing Posted March 9, 2008 Share Posted March 9, 2008 Yeah Dude. That definitely be the problem. You need to use another command like stripslasshes() upon retrieving your data. But don't tell anybody else about this please. Quote Link to comment Share on other sites More sharing options...
biscoe916 Posted March 9, 2008 Author Share Posted March 9, 2008 But what if someone actually wanted to put slashes in their post... Would that remove the intentional ones as well? Quote Link to comment Share on other sites More sharing options...
corbin Posted March 9, 2008 Share Posted March 9, 2008 "Yeah Dude. That definitely be the problem. You need to use another command like stripslasshes() upon retrieving your data. But don't tell anybody else about this please." Sarcasm? School project you want people to fail? Anyway, look into magic quotes..... What ever data is entered is being slashed automatically, and then you're slashing it again.... Quote Link to comment Share on other sites More sharing options...
rubing Posted March 9, 2008 Share Posted March 9, 2008 no way bro, i was telling him to use stripslashes() ohhh, i see i must've accidentally deleted part of my post when copy and pasting... that's why the end doesn't make sense Quote Link to comment Share on other sites More sharing options...
corbin Posted March 9, 2008 Share Posted March 9, 2008 When you have magic quotes on (I personally can't stand magic quotes), it's the equivalent of running all of the REQUEST variables through addslashes(); To demonstrate, it would be like this, except done automatically: function stripslashes_deep($value) { $value = is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value); return $value; } if(isset($_GET)) $_GET = stripslashes_deep($_GET); if(isset($_POST)) $_POST = stripslashes_deep($_POST); if(isset($_COOKIE)) $_COOKIE = stripslashes_deep($_COOKIE); That mean's that addslashing()ing again would be like doing: $str = "This is Corbin's string"; $str = addslashes($str); $str = addslashes($str); //$str is now "This is Corbin\\\'s string"; Then, when putting that into the database, MySQL would interpret the first \\ as an escaped \, and \' would be interpretted as ', leaving you with \'. As for outputting on the page, you would have "This is Corbin\'s string" in the raw variable, which is what would be printed. Anyway, just google magic quotes, or look on http://php.net/addslashes , and it will explain what magic quotes is/what it does. Quote Link to comment Share on other sites More sharing options...
biscoe916 Posted March 9, 2008 Author Share Posted March 9, 2008 Problem solved. Thanks alot for the help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.