Chris (nice name),

Chris Kay wrote:

>A worm of many subjects \\\"The Klez\\\" worm arrives in an e-mail
>

Anytime you see three backslashes in a row, the likely case is that addslashes() has been performed twice. For example, the following two iterations:

1. "The Klez" -> \"The Klez\"
2. \"The Klez\" -> \\\"The Klez\\\"

(the \ is escaped as \\ and the " is escaped as \")

If your php.ini specifies that magic quotes are on, then that is likely the reason for one execution of stripslashes() that you might be overlooking. Otherwise, check your code carefully to ensure that you know when data has been escaped. A good habit is to use a strict naming convention to help you:

$clean_data=stripslashes($data);

>I have fixed this with stripslashes() but problem I am having is that
>If a ( ' ) is used in the email and I lose whatever is after '
>

When you store this in the database, the single quote terminates the literal string:

$data="It's hot in Memphis!";
$sql_statement="insert into quotes values('$data');";
echo $sql_statement;

This will give you:

insert into quotes values ('It's hot in Memphis!);

As you can see, your string only consists of "It" at this point.

>$emailbody = stripslashes($_POST["body"]);
>$emailbody = stripslashes($emailbody);
>

Well, here's where you're executing stripslashes() twice. See above.

My suggestion is to not try to get your message into a variable that can be used in an SQL query and be sent in an email. You want these to use two different formats. For the email, leave the single quotes as they are; you don't want to see the escaped quotes. For inserting into the database, make sure they are escaped with stripslashes().

Happy hacking.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
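
Added example, not part of Chris's message or the original thread: a PHP script showing the two points in the reply above, that two addslashes() passes produce the triple backslashes and that the mail text and the database text are handled separately. On the database side it swaps in a PDO prepared statement in place of manual escaping; the in-memory SQLite database, the body column and the sample text are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for $_POST["body"] with magic quotes off.
$body = 'It\'s hot in Memphis! "The Klez" worm';

// Two addslashes() passes produce the triple-backslash form from the thread.
$once  = addslashes($body);
$twice = addslashes($once);
echo "escaped once:  $once\n";
echo "escaped twice: $twice\n";

// Each stripslashes() call removes exactly one level of escaping.
if (stripslashes($twice) !== $once || stripslashes($once) !== $body) {
    throw new RuntimeException('escape levels do not round-trip');
}

// Email format: the text exactly as typed, with no escaping applied.
$emailBody = $body;

// Database format: bind the same raw text as a parameter so the driver
// handles quoting. In-memory SQLite and the column name are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quotes (body TEXT)');

$insert = $db->prepare('INSERT INTO quotes (body) VALUES (:body)');
$insert->execute([':body' => $body]);

// Interpolating the raw text instead leaves an unbalanced quote in the SQL,
// which is the failure described in the reply.
$naive = "INSERT INTO quotes (body) VALUES ('$body')";
try {
    $db->exec($naive);
    echo "naive insert unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "naive insert rejected: ", $e->getMessage(), "\n";
}

// The stored value matches what the user typed, quotes included.
$stored = $db->query('SELECT body FROM quotes')->fetchColumn();
if ($stored !== $emailBody) {
    throw new RuntimeException('stored text differs from the original');
}
echo "stored:        $stored\n";
```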