stripslashes vs quotes

Hmm, I can apply stripslashes() to a string, causing it to remove slashes
near quotes (\") but how can I change these quotes to appropriate HTML
quotes like &quot;?
Jul 24 '07 #1
..oO(Sergei Riaguzov)
>Well then I will ask a lamer question, what is the best way to deal with
>situation when you have a textarea in a form and some text in some other
>place on the page, and everything which is written in the form is sent to
>the same page via POST to the same textarea which produces slashes?

Slashes are produced by magic quotes, an old and absolutely broken
concept. Thankfully it will be removed in PHP 6. But for now you have to
call get_magic_quotes_gpc() to check if MQs are enabled. If that's the
case, call stripslashes() on the POST or GET values to get the raw data.
That's what you should always work with.

Then, when printing something out to an HTML page again, run it through
htmlspecialchars() to take care of these special chars that might break
your HTML (<, & and ").

Micha
Jul 24 '07 #2
..oO(Sergei Riaguzov)
>No it should be just text. I ended up in:
>
>htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);

This might break if magic quotes are turned off! Only use stripslashes()
when necessary. See my other reply.

Micha
Jul 24 '07 #3
On Tue, 24 Jul 2007 13:10:37 +0200, Michael Fesser wrote:
>Slashes are produced by magic quotes, an old and absolutely broken
>concept. Thankfully it will be removed in PHP 6. But for now you have to
>call get_magic_quotes_gpc() to check if MQs are enabled. If that's the
>case, call stripslashes() on the POST or GET values to get the raw data.
>That's what you should always work with.

OK, thank you! I will use "if (get_magic_quotes_gpc())" check before
applying stripslashes() and won't apply it in case get_magic_quotes_gpc()
returns false.
Jul 24 '07 #4
Rik wrote:
>Although the content of a textarea isn't an attribute, so most tag-soup
>HTML browsers would have no problem displaying it properly with normal
>quotes.

As will conformant HTML browsers: it's perfectly legal to include
unescaped quotes in a <textarea>.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 33 days, 19:09.]

Parsing an HTML Table with PEAR's XML_HTTPSax3
http://tobyinkster.co.uk/blog/2007/0...table-parsing/
Jul 24 '07 #5
Sergei Riaguzov wrote:
>On Tue, 24 Jul 2007 13:10:37 +0200, Michael Fesser wrote:
>>Slashes are produced by magic quotes, an old and absolutely broken
>>concept. Thankfully it will be removed in PHP 6. But for now you have to
>>call get_magic_quotes_gpc() to check if MQs are enabled. If that's the
>>case, call stripslashes() on the POST or GET values to get the raw data.
>>That's what you should always work with.
>OK, thank you! I will use "if (get_magic_quotes_gpc())" check before
>applying stripslashes() and won't apply it in case get_magic_quotes_gpc()
>returns false.

The ternary conditional operator comes in handy here, so your original
function call:

htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);

becomes

htmlspecialchars(get_magic_quotes_gpc()?stripslashes($_POST["blabla"]):$_POST["blabla"],ENT_QUOTES);

Robin

Jul 25 '07 #6
..oO(Robin)
>The ternary conditional operator comes in handy here, so your original
>function call:
>
>htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);
>
>becomes
>
>htmlspecialchars(get_magic_quotes_gpc()?stripslashes($_POST["blabla"]):$_POST["blabla"],ENT_QUOTES);

I would rather put that into a function:

// Return the raw POST value, undoing magic quotes only when they are enabled.
function getPostData($name) {
    if (isset($_POST[$name])) {
        return get_magic_quotes_gpc()
            ? stripslashes($_POST[$name])
            : $_POST[$name];
    } else {
        return NULL;
    }
}

Or something like that.

Micha
Jul 25 '07 #7
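
Added example (not part of any post in this thread): the approach the replies converge on, recovering the raw value first and escaping only at output, carried through to the textarea redisplay the question asks about. It goes slightly beyond the thread by handling array-valued fields and PHP versions where get_magic_quotes_gpc() no longer exists; the names raw_post() and undo_magic_quotes() and the sample input are assumptions made for illustration.

```php
<?php
// Added example: raw_post() and undo_magic_quotes() are hypothetical names.

// Recursively remove the backslashes that magic quotes added.
// Fields named like "tags[]" arrive as arrays, which a bare
// stripslashes() call does not handle.
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// Return the raw submitted value, or null if the field is absent.
function raw_post($name)
{
    if (!isset($_POST[$name])) {
        return null;
    }
    // get_magic_quotes_gpc() was removed in PHP 8.0, so test for it first.
    $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    return $mq ? undo_magic_quotes($_POST[$name]) : $_POST[$name];
}

// Constructed sample input standing in for a submitted form.
$_POST['blabla'] = 'He said "hi" </textarea><b>& left';

$raw     = raw_post('blabla');
$comment = is_string($raw) ? $raw : '';   // this field must be plain text

// Escape only at output time; the raw value stays unescaped for storage.
// Without this step the "</textarea>" in the input would close the element.
$safe = htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
?>
<form method="post">
  <textarea name="blabla"><?php echo $safe; ?></textarea>
</form>
<p>You wrote: <?php echo $safe; ?></p>
```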
