You may need to explain more clearly what exactly is happening. From the 
previous report (before yours), it sounds like data was double escaped before 
insertion into a database. Meanwhile, you seem to be saying it's not but it only 
has double-escaping when used outside of Zend_Form which is different.

Either way, it makes no sense!

Is the data retrieved from the database slashed or not slashed? If it is, 
that's a database problem - not the View. If it's not - then why would anything 
between the DB and View be adding extra slashes you say need to be stripped? 
There's nothing in Zend_View or Zend_Form that I am aware of that adds slashes.

Just to be clear, the way things should work is that data is escaped going 
into the database, and unescaped upon retrieval. The data itself therefore 
remains consistent and there should be no extra slashes anywhere unless added 
by some external process (e.g. addslashes, mysql_real_escape_string, magic 
quotes, etc).

Paddy

 Pádraic Brady

http://blog.astrumfutura.com
http://www.survivethedeepend.com
OpenID Europe Foundation Irish Representative





________________________________
From: Keyne <[email protected]>
To: [email protected]
Sent: Thu, February 25, 2010 2:35:56 AM
Subject: [fw-general] Re: Escape, stripslashes and html entities

 

Look, when I populate this data into my form
for an edit option I don't need to strip the slashes. But in my list
action, that catches the data in the same way as my edit option, I have to
use stripslashes. So, my form does this for me, but not my view without
the form.

My data is escaped as expected when inserting, and when editing the
slashes are stripped as expected. Like I said, I don't have double
slashes. The issue is in my view list.phtml or in my view.phtml.

Do I have to use stripslashes in such a case?

If not, where in Zend_Db_Table_Row_Abstract is there an action to strip
slashes? I can't see it.


Hector Virgen [via Zend Framework Community] wrote: 
>Normally you shouldn't have to strip slashes on data
>coming out of the database. I think you'd be better off finding out why
>the data is being escaped twice than trying to undo something that
>shouldn't have been done in the first place (double-escaping).
>
>Does the problem exist with code-created data, too, such as in
>my example?
>
>--
>Hector
>
>
>
>On Wed, Feb 24, 2010 at 6:08 PM, Keyne <[hidden email]> wrote:
>
>
>>>>I don't need to use addslashes, just stripslashes in my view.
>>
>>>>   public function insert($data)
>>>>   {
>>>>       $data = array(
>>>>           'nome' => $data['nome'],
>>>>           'email' => $data['email'],
>>>>           'sobre' => $data['sobre']
>>>>       );
>>
>>>>       return parent::insert($data);
>>>>   }
>>
>>>>But is there a way to make this task (stripslashes) automatic?
>>
>>
>>
>>
>>>>Hector Virgen wrote:
>>>>>
>>>>> How are you inserting that into the database? Here's one way to do it that
>>>>> should work:
>>>>>
>>>>> $id = $db->insert('mytable', array(
>>>>>     'theString' => "I'm both entrepeneaur and..."
>>>>> ));
>>>>>
>>>>> Note that this method automatically builds the SQL and escapes the values
>>>>> for me -- no need to use addslashes() or mysql_real_escape_string().
>>>>>
>>>>> Also, have you verified that magic quotes is off? You can run this code to
>>>>> check:
>>>>>
>>>>> Zend_Debug::dump(get_magic_quotes_gpc());
>>>>>
>>>>> --
>>>>> Hector
>>>>>
>>>>>
>>>>> On Wed, Feb 24, 2010 at 5:34 PM, Keyne <[hidden email]> wrote:
>>>>>
>>>>>>
>>>>>> I have the same issue. Magic quotes is off.
>>>>>>
>>>>>> My result looks like: "I\'m both entrepreneur and..."
>>>>>> The database row looks like this too: "I\'m both entrepreneur and..."
>>>>>>
>>>>>> And to get the data I use $this->fetchAll()->toArray();
>>>>>>
>>>>>> Then I need to use stripslashes.
>>>>>>
>>>>>> What do I need to do to avoid this?
>>>>>>
>>>>>>
>>>>>> Mark Steudel wrote:
>>>>>> >
>>>>>> > Have you looked to see if magic_quotes are on?
>>>>>> >
>>>>>> > On Wed, Feb 24, 2010 at 1:03 PM, Jurian Sluiman
>>>>>> > <[hidden email]> wrote:
>>>>>> >> On Sunday 21 Feb 2010 21:43:04 troels knak-nielsen wrote:
>>>>>> >>> If that's the case, then you have double escaping going on. The data
>>>>>> >>> should not contain the slash once it's in the database. The point of
>>>>>> >>> adding the slash is to "protect" the data when it's embedded in *the
>>>>>> >>> query*. That is also why you don't have to (and indeed should not)
>>>>>> >>> unescape anything when reading from the database. The slashes are
>>>>>> >>> *only* there because you're embedding data in a query.
>>>>>> >>>
>>>>>> >>> Compare this with a string literal in php. Given the following:
>>>>>> >>>
>>>>>> >>>     echo "A \"double\" quote";
>>>>>> >>>
>>>>>> >>> Running this php code will output:
>>>>>> >>>
>>>>>> >>>     A "double" quote
>>>>>> >>>
>>>>>> >>> That's because the *data* doesn't contain any slashes. The slashes are
>>>>>> >>> there so that the php parser can read the literal string. Once they
>>>>>> >>> have been read into memory, the slashes are gone. Same thing with sql.
>>>>>> >>
>>>>>> >> (sorry for my late reaction)
>>>>>> >>
>>>>>> >> So actually it isn't the data *retrieval* but rather the *insertion* if I
>>>>>> >> understand you right? The things I do are 99% from the manual:
>>>>>> >>
>>>>>> >> * Database initialized by application resource (db params: host, username,
>>>>>> >>   passwd, db name, isDefault = true)
>>>>>> >> * Data into model (My_Model_Name) and saves it into mapper
>>>>>> >>   (My_Model_NameMapper).
>>>>>> >> * Mapper has DbTable obj, My_Model_DbTable_Name and extends
>>>>>> >>   Zend_Db_Table_Abstract
>>>>>> >> * Data is saved through Zend_Db_Table_Abstract::insert() or
>>>>>> >>   Zend_Db_Table_Abstract::update() methods
>>>>>> >>
>>>>>> >> After calling the method the strings are in the database like I said (so
>>>>>> >> _with_ quotes). What are the things I can look after (php settings, mysql
>>>>>> >> settings, system settings) to solve this problem?
>>>>>> >>
>>>>>> >> Thanks in advance,
>>>>>> >> Jurian
>>>>>> >> --
>>>>>> >> Jurian Sluiman
>>>>>> >> CTO Soflomo V.O.F.
>>>>>> >> http://soflomo.com
>>>>>> >>
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > --
>>>>>> >
>>>>>> > -----------------------------------------
>>>>>> > Mark Steudel
>>>>>> > P: 206.375.7244
>>>>>> > [hidden email]
>>>>>> >
>>>>>> > . : Work : .
>>>>>> > http://www.mindfulinteractive.com
>>>>>> >
>>>>>> > . : Play : .
>>>>>> > http://www.steudel.org/blog
>>>>>> >
>>>>>> >
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://n4.nabble.com/Escape-stripslashes-and-html-entities-tp1562340p1568393.html
>>>>>> Sent from the Zend Framework mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>
>>--
>>View this message in context:
>>http://n4.nabble.com/Escape-stripslashes-and-html-entities-tp1562340p1568423.html
>>Sent from the Zend Framework mailing list archive at Nabble.com.
>>
>
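The double escaping discussed in this thread, as an added example that is not part of any message above: the same string is stored once raw and once after addslashes(), then read back and checked. It assumes PDO with an in-memory SQLite database and bound parameters standing in for the thread's MySQL and Zend_Db insert(); the input string and the helper names fetchString() and looksPreEscaped() are hypothetical.

```php
<?php
// Added example. In-memory SQLite through PDO stands in for the thread's
// MySQL + Zend_Db setup; the table and column names come from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, theString TEXT)');

$input = "I'm both <b>entrepreneur</b> and..."; // constructed sample input

$insert = $pdo->prepare('INSERT INTO mytable (theString) VALUES (?)');

// Single escaping: the raw value goes to the bound parameter and the
// driver alone is responsible for getting it into the query safely.
$insert->execute(array($input));
$rawId = (int) $pdo->lastInsertId();

// Double escaping: the value is slashed by hand (or by magic quotes)
// before binding, so the backslash becomes part of the stored data.
$insert->execute(array(addslashes($input)));
$slashedId = (int) $pdo->lastInsertId();

// Hypothetical helper: read one stored string back by primary key.
function fetchString(PDO $pdo, $id)
{
    $select = $pdo->prepare('SELECT theString FROM mytable WHERE id = ?');
    $select->execute(array($id));
    return $select->fetchColumn();
}

// Hypothetical helper: heuristic for rows that were escaped before insertion.
function looksPreEscaped($value)
{
    return strpos($value, "\\'") !== false || strpos($value, '\\"') !== false;
}

foreach (array('raw' => $rawId, 'pre-slashed' => $slashedId) as $label => $id) {
    $stored = fetchString($pdo, $id);
    printf("%-12s stored: %s\n", $label, $stored);
    printf("%-12s round-trips unchanged: %s\n", $label, var_export($stored === $input, true));
    printf("%-12s looks pre-escaped: %s\n", $label, var_export(looksPreEscaped($stored), true));
}

// Output escaping is a separate, final step for the HTML context only.
echo htmlspecialchars(fetchString($pdo, $rawId), ENT_QUOTES, 'UTF-8'), "\n";
```

Running looksPreEscaped() over existing rows is a quick way to tell whether stripslashes() in the view is masking an insertion-side problem.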