By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,949 Members | 1,077 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,949 IT Pros & Developers. It's quick & easy.

Problem with " being replaced with \"

P: 1
I am having a problem with a script that is having content posted to it (articles)
Any where in the content where there is a " or a ' this gets replaced with \' or \"

This renders all urls completly useless.

a sample is below

There\'s a common misconception that adware just displays advertisements, and so -- although a nuisance -- is harmless. Unfortunately, the opposite is true and \'harmless\' adware is far outweighed by what I term \'surreptitious\' adware --

and

<a href=\"http://www.avlplasticsurgery.com/\">

anyone know what could be causing this and a cure?
Jul 17 '06 #1
Share this Question
Share on Google+
4 Replies


iam_clint
Expert 100+
P: 1,208
the script is adding \ to replace ' and " to stop sql injections which can be a real problem. so what you need to is replace the string with "" where \ is
basicly when your inserting data into a database from a variable you want todo this because say your string looks like this
variable = ' or 1 = 1
strsql = "select * from users where user_name='variable'"
it now becomes "select * from users where user_name = '' or 1=1"
which can cause some problems... so basicly your problem is its trying to encode the post to make it harder for a sql injection.
Jul 17 '06 #2

iam_clint
Expert 100+
P: 1,208
BTW i believe its called character escaping if i am not mistaking
Jul 18 '06 #3

Banfa
Expert Mod 5K+
P: 8,916
BTW i believe its called character escaping if i am not mistaking
Completely correct and it is present in a lot of languages and communications protocols, special characters (normally the delimiters for a string or message) have to be escaped to appear in the middle of a string (or message), then of course in order to get the escape character itself that also has to be escaped.
Jul 19 '06 #4

ronverdonk
Expert 2.5K+
P: 4,258
But I really don't see the problem. It is a standard precaution to add slashes and when you want to get rid of them with, e.g. posted data, you just do
[PHP]$var = stripslashes($_POST['name']) [/PHP]

Ronald :cool:
Jul 21 '06 #5

Post your reply

Sign in to post your reply or Sign up for a free account.