Ken Robinson wrote:
At 10:42 PM 1/8/2008, Kristina Anderson wrote:
I'm having yet another apostrophe-related issue. It seems that the
slashes are being added automatically by the HTML form and inserted
into the database on save. Magic quotes is on (get_magic_quotes_gpc
(); returns 1) and I have removed any addslashes() functions from my
code.
The slashes seem to be spawning, i.e. the first round after
entering 's and saving, I get back /'s in the text box, the next
round ///'s, etc.
Soon enough I have a text box full of ////////////////////////////////
You should be using
$var = mysql_real_escape_string(stripslashes($var));
before adding to your database.
After you retrieve the value, use
$var = htmlentities(stripslashes($var),ENT_QUOTES);
when displaying the value back to the screen.
Ken
Umm, no.
Lose both invocations of stripslashes and it will work properly.
You should be using
$var = mysql_real_escape_string($var);
before adding to your database.
After you retrieve the value, use
$var = htmlentities($var,ENT_QUOTES);
when displaying the value back to the screen.
See http://nyphp.org/phundamentals/storingretrieving.php for more details.
Dan
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
