What is putting a \ before all single quotes in an input form? Here is
an example:
Page 1:
<form action="page2.php">
<input type="text" name="aninput" />
</form>
page2.php:
....
echo $_GET['aninput'];
....
If I enter "Bob's place" on page 1, then page2.php will out put "Bob\'s
place". What is putting the \ before the single quote? Is there a way to
stop it?
7  1472 
Ken wrote: What is putting a \ before all single quotes in an input form? Here is
an example:
Page 1:
<form action="page2.php">
<input type="text" name="aninput" />
</form>
page2.php:
...
echo $_GET['aninput'];
...
If I enter "Bob's place" on page 1, then page2.php will out put "Bob\'s
place". What is putting the \ before the single quote? Is there a way to
stop it?
see: http://us2.php.net/manual/en/function.stripslashes.php
M.
Thanks. That will solve it, but why is it there in the first place?
noone wrote: Ken wrote:
What is putting a \ before all single quotes in an input form? Here is
an example:
Page 1:
<form action="page2.php">
<input type="text" name="aninput" />
</form>
page2.php:
...
echo $_GET['aninput'];
...
If I enter "Bob's place" on page 1, then page2.php will out put
"Bob\'s place". What is putting the \ before the single quote? Is
there a way to stop it?
see:
http://us2.php.net/manual/en/function.stripslashes.php
M.
What you are describing is an issue that all php newbies face.
It is caused by a setting in the PHP configuration file called
magic_quotes_gpc. If this is turned on (which it is by default), all '
(single-quotes), " (double quotes), and \ (backslashs) are escaped with
a backslash automatically in the GET, POST, and COOKIE globals.
Many databases (MySQL for example) and other systems need escape
characters to handle such characters. PHP automatically adds these
slashes so you don't have to when you want to use the data in other
systems. Isn't that nice of PHP? Many people, including myself, say
NO! But it does.
You have two options:
1. Change the PHP configuration of magic_quotes_gpc to off.
2. Use the stripslashes() function to remove the escape slashes from
the posted variables. I strongly suggest that you use this method
because if you simply change the configuration, your script would not
work right on other systems not properly configured.
Thanks so much for the detailed explanation!
Paul Haxter wrote: What you are describing is an issue that all php newbies face.
It is caused by a setting in the PHP configuration file called
magic_quotes_gpc. If this is turned on (which it is by default), all '
(single-quotes), " (double quotes), and \ (backslashs) are escaped with
a backslash automatically in the GET, POST, and COOKIE globals.
Many databases (MySQL for example) and other systems need escape
characters to handle such characters. PHP automatically adds these
slashes so you don't have to when you want to use the data in other
systems. Isn't that nice of PHP? Many people, including myself, say
NO! But it does.
You have two options:
1. Change the PHP configuration of magic_quotes_gpc to off.
2. Use the stripslashes() function to remove the escape slashes from
the posted variables. I strongly suggest that you use this method
because if you simply change the configuration, your script would not
work right on other systems not properly configured.
Carved in mystic runes upon the very living rock, the last words of Paul
Haxter of comp.lang.php make plain: It is caused by a setting in the PHP configuration file called
magic_quotes_gpc. If this is turned on (which it is by default), all '
(single-quotes), " (double quotes), and \ (backslashs) are escaped with
a backslash automatically in the GET, POST, and COOKIE globals.
Is it still on by default? I thought they changed that. IMO it's the
stupidest feature ever designed in PHP. Sure, it saves the step of having
to add slashes, but adds the step of having to remove them. It smacks of
MS: "We know best what you want to do with your data!"
--
Alan Little
Phorm PHP Form Processor http://www.phorm.com/
Why not simply write your own safe addslashes function? You can then
use it on form input or whatever you wish, and regardless of the server
environment the slashes will or will not be appended as neccessary:
[PHP]
function safeAddSlashes($str) {
if(!get_magic_quotes_gpc()) {
if(is_array($str)) {
$str = array_map_recursive('stripslashes', $str);
} else {
$str = addslashes($str);
}
}
return $str;
}
[/PHP]
So in a nutshell, if quotes are already escaped due the the magic
quotes configuration then they will not be escaped further (as ordinary
use of the addslashes() function would do). However, if magic quotes
are off then the data input into the function will be escaped. You can
use it on strings, for example if register globals is on and you are
escaping singular variables, or entire arrays, $POST for example. I
hope this helps. =]
Why not simply write your own safe addslashes function? You can then
use it on form input or whatever you wish, and regardless of the server
environment the slashes will or will not be appended as neccessary:
[PHP]
function safeAddSlashes($str) {
if(!get_magic_quotes_gpc()) {
if(is_array($str)) {
$str = array_map_recursive('addslashes', $str);
} else {
$str = addslashes($str);
}
}
return $str;
}
[/PHP]
So in a nutshell, if quotes are already escaped due the the magic
quotes configuration then they will not be escaped further (as ordinary
use of the addslashes() function would do). However, if magic quotes
are off then the data input into the function will be escaped. You can
use it on strings, for example if register globals is on and you are
escaping singular variables, or entire arrays, $POST for example. I
hope this helps. =]
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Viorel |
last post by:
For me is a little bit mysterious how work encoding and decoding functions,
what is underneath of their calling?
Encoding1.GetBytes(string1); in particularly ASCII.GetBytes(string1)
...
|
by: SteveS |
last post by:
Can anyone help with a mysterious problem that has arisen since 'upgrading'
from 8 to 9.2.0.4?
The situation is this:
Queries that worked fine under 8 are now producing *really* strange...
|
by: M Wells |
last post by:
Hi All,
I'm trying to track down a mysterious problem we're experiencing in
which updates and inserts to tables in our mssql2k server appear to be
'disappearing.'
To explain our situation:
...
|
by: Bruce W.1 |
last post by:
BACKGROUND
My ASP.NET app has been running (or rather available) on a server for
about 4 months now. The server is at
http://www.webhost4life.com/
They don't add cookies to any of the sites...
|
by: Max |
last post by:
Hi There!
I'm having a mysterious error right after I login using Forms Authentication
in my ASP.NET app. Below is the error...
Exception Details: System.NullReferenceException: Object...
|
by: Sergey |
last post by:
Hi everyone,
It looks like a mystery, but I hope there should be some explanation to
the issue I experience. Once in a blue moon a random stored procedure
stops working the way it was designed....
|
by: CoreyWhite |
last post by:
The following experiment is a demonstration of TIME TRAVEL. When
writing this program, and testing it out I found that sometimes the
program would engage itself in time travel but other times it...
|
by: Martin Jørgensen |
last post by:
Hi,
In continuation of the thread I made "perhaps a stack problem? Long
calculations - strange error?", I think I now got a "stable" error,
meaning that the error always seem to come here now...
|
by: Gerry |
last post by:
I'm using pyExcelerator and xlrd to read and write data from and to
two spreadsheets.
I created the "read" spreadsheet by importing a text file - and I had
no unicode aspirations.
When I read...
|
by: Cyril Gupta |
last post by:
Hello Friends & Experts,
I am having a little problem with my new Asp.net 2 website. Whenever I run
the website (in debug, or on server) a mysterious text is added to my URL
like this: -
...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
