[nycphp-talk] Another Apostrophe-related issue

Dan Cech dcech at phpwerx.net
Wed Jan 9 12:40:09 EST 2008


Ken Robinson wrote:
> At 10:42 PM 1/8/2008, Kristina Anderson wrote:
>> I'm having yet another apostrophe-related issue.  It seems that the
>> slashes are being added automatically by the HTML form and inserted
>> into the database on save.  Magic quotes is on (get_magic_quotes_gpc();
>> returns 1) and I have removed any addslashes() functions from my
>> code.
>>
>> The slashes seem to be spawning, i.e. the first round after
>> entering 's and saving, I get back /'s in the text box, the next
>> round ///'s, etc.
>>
>> Soon enough I have a text box full of ////////////////////////////////
> 
> You should be using
> 
> $var = mysql_real_escape_string(stripslashes($var));
> 
> before adding to your database.
> 
> After you retrieve the value, use
> $var = htmlentities(stripslashes($var),ENT_QUOTES);
> 
> when displaying the value back to the screen.
> 
> Ken

Umm, no.

Lose both invocations of stripslashes and it will work properly.

You should be using

$var = mysql_real_escape_string($var);

before adding to your database.

After you retrieve the value, use
$var = htmlentities($var,ENT_QUOTES);

when displaying the value back to the screen.

See http://nyphp.org/phundamentals/storingretrieving.php for more details.

Dan
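
The multiplying slashes reported at the top of the thread, modelled as an added example (not code from any poster or from nyphp.org): it counts the backslashes stored after each save/edit cycle, depending on whether the layer added by magic_quotes_gpc is removed once before the SQL escape. The function names are hypothetical; addslashes() is an assumed stand-in for both magic_quotes_gpc and mysql_real_escape_string(), and stripslashes() for the database consuming one escape layer, so the script runs without a database.

```php
<?php
// Added example: models the form -> database -> form round trip from the thread.
// addslashes() stands in for magic_quotes_gpc and for the SQL escaping call;
// stripslashes() stands in for the SQL parser consuming one layer of escaping.

// What PHP hands the script when magic_quotes_gpc is on.
function receive_form_value(string $typed, bool $magicQuotes): string
{
    return $magicQuotes ? addslashes($typed) : $typed;
}

// Escape for a SQL string literal, then return what the database would keep.
function save(string $value): string
{
    $literal = addslashes($value);      // stand-in for mysql_real_escape_string()
    return stripslashes($literal);      // the database stores the unescaped literal
}

// Render the stored value into the text box; the browser decodes the entities
// again, so this is also what the user resubmits on the next save.
function redisplay(string $stored): string
{
    $attr = htmlentities($stored, ENT_QUOTES);
    return html_entity_decode($attr, ENT_QUOTES);
}

// Run $rounds save/edit cycles and return the backslash count after each one.
function round_trips(string $typed, int $rounds, bool $magicQuotes, bool $undoMagicQuotes): array
{
    $counts = [];
    for ($i = 0; $i < $rounds; $i++) {
        $value = receive_form_value($typed, $magicQuotes);
        if ($magicQuotes && $undoMagicQuotes) {
            $value = stripslashes($value);   // remove the layer PHP added, once
        }
        $stored   = save($value);
        $counts[] = substr_count($stored, '\\');
        $typed    = redisplay($stored);
    }
    return $counts;
}

$name = "Kristina's";   // constructed sample input
echo implode(', ', round_trips($name, 4, true, false)), "\n";   // layer left in place
echo implode(', ', round_trips($name, 4, true, true)), "\n";    // layer removed once
echo implode(', ', round_trips($name, 4, false, false)), "\n";  // magic quotes off
```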


