Hi, All my data is going through Doctrine, but also with Zend_Db_Table I've the same issue.
Enter this data: > Hello my name is Jurian. I'm a Zend Framework user This means my data is stored into the database like this (checked with phpmyadmin: > Hello my name is Jurian. I\'m a Zend Framework user Fetch the data from a model (with Doctrine or Zend_Db_Table) the result of $myObj->myVar is > Hello my name is Jurian. I\'m a Zend Framework user Quite logical, because Zend adds the slashes, but doesn't remove them (as far as I know). So how where you able to strip the slashes automatically? Regards, Jurian -- Jurian Sluiman CTO Soflomo V.O.F. http://soflomo.com On Friday 19 Feb 2010 23:52:57 Hector Virgen wrote: > You shouldn't have to call stripslashes on data coming out of the database, > unless you somehow double-escaped it when being inserted. To be sure, your > SQL query should look something like this (in MySQL): > > INSERT INTO table SET lastname = 'O\'Reilly'; > > If you accidentally are double-escaping, your query would look like this: > > INSERT INTO table SET lastname = 'O\\\'Reilly'; > > When you pull the data back out of the database, you should not have any > slashes except when they are actually part of the data. This means all you > have to do is use $this->escape() on them from within your templates. > > If you are double-escaping, the first thing I would check is to make sure > magic_quotes is OFF, and then manually escape the data going into the > database using Zend_Db#quote(). > > -- > Hector > > On Fri, Feb 19, 2010 at 2:33 PM, Jurian Sluiman <[email protected]> wrote: > > Hi all, > > I try to figure out what the best option is to escape my data. I have an > > UTF-8 website so actually it's fine to work with the original characters > > (and no need for htmlentities() or htmlspecialchars()). Nevertheless all > > my data comes from a database and the data is inserted with all quotes > > escaped. That means by display the texts I need for every variable a > > stripslashes(). > > > > Stripslashes() everywhere is very ugly and gives cluttered code in all my > > view scripts. What's the best option to strip the slashes automatically? > > Replace the escape function by stripslashes() replaces the problem by > > another: $this->escape() everywhere instead of stripslashes(). Is it > > better to escape the variables automatically by overriding the __set() > > from Zend_View_Abstract? Another (fail prove) systems to have a smart > > system to escape my data? > > > > Thanks in advance, > > Jurian
