Bytes | Software Development & Data Engineering Community

Preventing the Slashing in posts.

I used a basic PHP guestbook tutorial to make a guestbook and it works fine. But when a user posts a message containing the following character, ', it creates a slash with it.

Example of what a user would post:
Braxton's Cheese
It would appear on the view page as:
Braxton\'s Cheese


This is the script that the form uses to process the information

[PHP]<?php
// SQL database Variables

$hostname='';
$user=''; //'user name for MySQL database';
$pass=''; //'Password for database';
$dbase=''; //'database name';
$connection = mysql_connect("$hostname" , "$user" , "$pass") or die ("Cannot connect to database");
$db = mysql_select_db($dbase , $connection) or die ("Cannot select database");

// for register globals off
$name = mysql_escape_string($_POST["name"]);
$email = mysql_escape_string($_POST["email"]);
$sitename = mysql_escape_string($_POST["sitename"]);
$siteurl = mysql_escape_string($_POST["siteurl"]);
$comments = mysql_escape_string(strip_tags($_POST["comments"]));
$ip = $_SERVER["REMOTE_ADDR"];

// This is form.php
$q="INSERT into guestbook (id,name,email,sitename,siteurl,date,ip,comments)
VALUES ('','$name','$email','$sitename','$siteurl',now(), '$ip','$comments')";

$result= mysql_query($q) or die
("Could not execute query : $q." . mysql_error());

if ($result)
{
echo "Thank you, $name. Your entry has been recorded.";
}

?>
<meta http-equiv="refresh" content="3;URL=view-book.php">
<?php include("footer.php"); ?>[/PHP]
Apr 26 '06 #1
Banfa
Check the value of $_POST["comments"]; if you have magic quotes on (I think), then PHP may have already added the slash and mysql_escape_string will be adding it again, like so:

User inputs:
Braxton's Cheese
PHP changes it to:
Braxton\'s Cheese
mysql_escape_string changes it to:
Braxton\\\'s Cheese
And then you end up with a slash in the string in the database.
Apr 26 '06 #2
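An added example (not the poster's script or Banfa's code) showing the fix the answer points to: strip the slashes that magic_quotes_gpc added, then insert through a prepared statement so each value is quoted exactly once and never by hand. The connection settings are placeholders, and the column list assumes the guestbook table from the question with an AUTO_INCREMENT id.

```php
<?php
// Added example, not the original post's code: undo magic_quotes_gpc once,
// then let a prepared statement do the quoting so nothing is escaped twice.

// Recursively remove the slashes magic_quotes_gpc added to request data.
function strip_magic_quotes($value) {
    if (is_array($value)) {
        return array_map('strip_magic_quotes', $value);
    }
    return stripslashes($value);
}

// get_magic_quotes_gpc() exists up to PHP 7.4 (always false from 5.4 on) and is
// gone in PHP 8, so guard the call; on old installs this is where the first
// slash in "Braxton\'s Cheese" came from.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_POST = strip_magic_quotes($_POST);
}

// Placeholder connection settings; replace with your own.
$db = new mysqli('localhost', 'guestbook_user', 'guestbook_pass', 'guestbook');
if ($db->connect_error) {
    die('Cannot connect to database');
}

$name     = $_POST['name'];
$email    = $_POST['email'];
$sitename = $_POST['sitename'];
$siteurl  = $_POST['siteurl'];
$comments = strip_tags($_POST['comments']);
$ip       = $_SERVER['REMOTE_ADDR'];

// Bound parameters travel separately from the SQL text, so no
// mysql_escape_string() call is needed and no extra backslash is stored.
// Assumes the id column is AUTO_INCREMENT, so it is omitted from the INSERT.
$stmt = $db->prepare(
    'INSERT INTO guestbook (name, email, sitename, siteurl, date, ip, comments)
     VALUES (?, ?, ?, ?, NOW(), ?, ?)'
);
$stmt->bind_param('ssssss', $name, $email, $sitename, $siteurl, $ip, $comments);
$stmt->execute() or die('Could not execute query: ' . $stmt->error);

// Escape on output as well, so a stored apostrophe or < cannot break the HTML.
echo 'Thank you, ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
   . '. Your entry has been recorded.';
?>
```

The same stripslashes step belongs in view-book.php only if rows were already stored with the extra backslash; new rows written this way come back exactly as the user typed them.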
