Chris (nice name),

Chris Kay wrote:

>A worm of many subjects \\\"The Klez\\\" worm arrives in an e-mail
>

Anytime you see three backslashes in a row, the likely case is the 
addslashes() has been performed twice. For example, the following two 
iterations:

1. "The Klez" -> \"The Klez\"
2. \"The Klez\" -> \\\"The Klez\\\" (the \ is escaped as \\ and the " is 
escaped as \")

If your php.ini specifies that magic quotes are on, then that is likely 
the reason for one execution of stripslashes() that you might be 
overlooking. Otherwise, check your code carefully to ensure that you 
know when data has been escaped. A good habit is to use a strict naming 
convention to help you:

$clean_data=stripslashes($data);

>I have fixed this with stripslashes() but problem I am having is that
>If a ( ' ) is used in the email and I lose whatever is after '
>

When you store this in the database, the single quote terminates the 
literal string:

$data="It's hot in Memphis!";
$sql_statement="insert into quotes values('$data');";

echo $sql_statement;

This will give you:

insert into quotes values('It's hot in Memphis!');

As you can see, your string only consists of "It" at this point.

>$emailbody = stripslashes($_POST["body"]);
>$emailbody = stripslashes($emailbody);
>

Well, here's where you're executing stripslashes() twice. See above.

My suggestion is to not try to get your message into a variable that can 
be used in an SQL query and be sent in an email. You want these to use 
two different formats. For the email, leave the single quotes as they 
are; you don't want to see the escaped quotes. For inserting into the 
database, make sure they are escaped with stripslashes().

Happy hacking.

Chris
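The two escaping passes and the single-quote problem described in the reply above, as an added example (not code from the original message; the sample strings are constructed):

```php
<?php
// Added example, not code from the original thread. Reproduces the two
// addslashes() passes described in the reply and keeps one representation
// per destination (e-mail vs. SQL). Sample strings are constructed.

function escape_passes(string $raw, int $passes): string {
    // Apply addslashes() $passes times (magic_quotes_gpc counts as one pass).
    for ($i = 0; $i < $passes; $i++) {
        $raw = addslashes($raw);
    }
    return $raw;
}

$raw = '"The Klez" worm arrives in an e-mail';        // constructed body text
printf("1 pass:   %s\n", escape_passes($raw, 1));   // \"The Klez\" worm ...
printf("2 passes: %s\n", escape_passes($raw, 2));   // \\\"The Klez\\\" worm ...

// stripslashes() undoes exactly one pass, so three backslashes in a row mean
// the data was escaped one more time than it was unescaped.
assert(stripslashes(escape_passes($raw, 2)) === escape_passes($raw, 1));
assert(stripslashes(stripslashes(escape_passes($raw, 2))) === $raw);

// Unescape once into a clearly named variable, then derive the two formats
// from it instead of sharing one string between the e-mail and the query.
$posted     = escape_passes("It's hot in Memphis!", 1); // as magic quotes would deliver it
$clean_body = stripslashes($posted);                    // It's hot in Memphis!

$email_body = $clean_body;                 // readers see the plain apostrophe
$sql_value  = addslashes($clean_body);     // It\'s hot in Memphis!
$unsafe_sql = "insert into quotes values('$clean_body');";
$safe_sql   = "insert into quotes values('$sql_value');";

echo $unsafe_sql, "\n";   // the literal closes after "It": broken and injectable
echo $safe_sql, "\n";     // insert into quotes values('It\'s hot in Memphis!');
// Prepared statements (PDO or mysqli) remove the need for manual escaping.
```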


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php