By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,528 Members | 1,324 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,528 IT Pros & Developers. It's quick & easy.

stripslashes vs quotes

P: n/a
Hmm, I can apply stripslashes() to a string, causing it to remove slashes
near quotes (\") but how can I change this quotes to appropriate HTML
quotes like "?
Jul 24 '07 #1
Share this Question
Share on Google+
6 Replies


P: n/a
..oO(Sergei Riaguzov)
>Well then I will ask a lamer question, what is the best way to deal with
situation when you have a textarea in a form and some text in some other
place on the page, and everything which is written in the form is send to
the same page via POST to the same textarea which produces slashes?
Slashes are produced by magic quotes, an old and absolutely broken
concept. Thankfully it will be removed in PHP 6. But for now you have to
call get_magic_quotes_gpc() to check if MQs are enabled. If that's the
case, call stripslashes() on the POST or GET values to get the raw data.
That's what you should always work with.

Then, when printing something out to an HTML page again, run it through
htmlspecialchars() to take care of these special chars that might break
your HTML (<, & and ").

Micha
Jul 24 '07 #2

P: n/a
..oO(Sergei Riaguzov)
>No it should be just text. I ended up in:

htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);
This might break if magic quotes are turned off! Only use stripslashes()
when necessary. See my other reply.

Micha
Jul 24 '07 #3

P: n/a
On Tue, 24 Jul 2007 13:10:37 +0200, Michael Fesser wrote:
Slashes are produced by magic quotes, an old and absolutely broken
concept. Thankfully it will be removed in PHP 6. But for now you have to
call get_magic_quotes_gpc() to check if MQs are enabled. If that's the
case, call stripslashes() on the POST or GET values to get the raw data.
That's what you should always work with.
OK, thank you! I will use "if (get_magic_quotes_gpc())" check before
applying stripslashes() and won't apply it in case get_magic_quotes_gpc()
returns false.
Jul 24 '07 #4

P: n/a
Rik wrote:
Allthough the content of a textarea isn't an attribute, so most tag-soup
HTML browsers would have no problem displaying it properly with normal
qoutes.
As will conformant HTML browsers: it's perfectly legal to include
unescaped quotes in a <textarea>.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 33 days, 19:09.]

Parsing an HTML Table with PEAR's XML_HTTPSax3
http://tobyinkster.co.uk/blog/2007/0...table-parsing/
Jul 24 '07 #5

P: n/a
Sergei Riaguzov wrote:
On Tue, 24 Jul 2007 13:10:37 +0200, Michael Fesser wrote:
>Slashes are produced by magic quotes, an old and absolutely broken
concept. Thankfully it will be removed in PHP 6. But for now you have to
call get_magic_quotes_gpc() to check if MQs are enabled. If that's the
case, call stripslashes() on the POST or GET values to get the raw data.
That's what you should always work with.
OK, thank you! I will use "if (get_magic_quotes_gpc())" check before
applying stripslashes() and won't apply it in case get_magic_quotes_gpc()
returns false.
The ternary conditional operator comes in handy here, so your original
function call:

htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);

becomes

htmlspecialchars(get_magic_quotes_gpc()?stripslash es($_POST["blabla"]):$_POST["blabla"],ENT_QUOTES);

Robin

Jul 25 '07 #6

P: n/a
..oO(Robin)
>The ternary conditional operator comes in handy here, so your original
function call:

htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);

becomes

htmlspecialchars(get_magic_quotes_gpc()?stripslas hes($_POST["blabla"]):$_POST["blabla"],ENT_QUOTES);
I would rather put that into a function:

function getPostData($name) {
if (isset($_POST[$name])) {
return get_magic_quote_gpc()
? stripslashes($_POST[$name])
: $_POST[$name];
} else {
return NULL;
}
}

Or something like that.

Micha
Jul 25 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.