
htmlentities adds slashes - why?

Folks,
I'm using Apache/1.3.28 (SuSE 7.1, kernel 2.4) with PHP/4.3.2. I have the
following code to help cleanse form data.

function cleanData($sourceData, &$cleanData)
{
    // Trim each submitted field and HTML-encode it; empty fields stay empty.
    foreach ($sourceData as $fieldName => $fieldValue) {
        if (strlen($fieldValue) > 0) {
            $cleanData[$fieldName] = htmlentities(trim($fieldValue));
        } else {
            $cleanData[$fieldName] = "";
        }
    }

    return;
}

cleanData($_POST, $formData);

I tested the code and found a \ was placed before double quotes
automatically - I have had to use stripslashes to clean the offending
slashes but I was wondering why they appeared in the first place. A view
source of my html code, via my client browser produced the following (until
I used stripslashes which removed the slashes).

\&quot;here\&quot;

What is the recommended action here? Is it something I need to switch off in
php.ini or is it safer for me just to continue and use stripslashes as part
of my function?

Thanks
randelld

Jul 16 '05 #1


uws
In <U3***********************@news2.calgary.shaw.ca >, Randell D. wrote:
> I tested the code and found a \ was placed before double quotes
> automatically - I have had to use stripslashes to clean the offending
> slashes but I was wondering why they appeared in the first place.


Because " is used as a string delimiter in html tag attributes,
htmlentities() adds a backslash to make sure those double quotes are not
treated as such.

Bye for now, until next time, sir, Wouter

--
:wq mail uw*@xs4all.nl

so much we don't know :: even our own true face -- after forever
Jul 16 '05 #2

On Fri, 8 Aug 2003 11:58:05 +0200, uws <uw*@xs4all.invalid> wrote:
> In <U3***********************@news2.calgary.shaw.ca >, Randell D. wrote:
>> I tested the code and found a \ was placed before double quotes
>> automatically - I have had to use stripslashes to clean the offending
>> slashes but I was wondering why they appeared in the first place.
>
> Because " is used as a string delimiter in html tag attributes,
> htmlentities() adds a backslash to make sure those double quotes are not
> treated as such.


No... If it were to escape a double quote in HTML, it would output &quot;

Backslashes do not escape in HTML. This is not caused by htmlentities, or if
it is, it's a bug in a specific version...

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Jul 16 '05 #3

On Fri, 08 Aug 2003 09:29:24 GMT, "Randell D."
<yo**************************@yahoo.com> wrote:
> I'm using Apache/1.3.28 (SuSE 7.1, kernel 2.4) with PHP/4.3.2. I have the
> following code to help cleanse form data.
>
> function cleanData($sourceData, &$cleanData)
> {
>     foreach ($sourceData as $fieldName => $fieldValue) {
>         if (strlen($fieldValue) > 0) {
>             $cleanData[$fieldName] = htmlentities(trim($fieldValue));
>         } else {
>             $cleanData[$fieldName] = "";
>         }
>     }
>
>     return;
> }
>
> cleanData($_POST, $formData);
>
> I tested the code and found a \ was placed before double quotes
> automatically - I have had to use stripslashes to clean the offending
> slashes but I was wondering why they appeared in the first place. A view
> source of my html code, via my client browser produced the following (until
> I used stripslashes which removed the slashes).
>
> \&quot;here\&quot;

This indicates that your original string was:

\"here\"

_before_ it got to htmlentities.

Do you have magic_quotes_gpc turned on? If this is on, all incoming
POST/GET/etc. data is escaped à la addslashes().

> What is the recommended action here? Is it something I need to switch off in
> php.ini or is it safer for me just to continue and use stripslashes as part
> of my function?


Turn off magic_quotes_gpc and use addslashes() where appropriate (i.e. not in
this case).

--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Jul 16 '05 #4
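
What #4 describes, as an added example that is not code from the thread: `addslashes()` stands in for `magic_quotes_gpc` so the script runs on PHP versions without that setting, and the helper names `rawInput()` / `forHtml()` and the sample input are constructed for illustration. It also shows why an unconditional `stripslashes()` damages input once the setting is off.

```php
<?php
// Constructed sample: what the user typed into the form field.
$typed = 'say "here" & keep C:\temp';

// With magic_quotes_gpc on, PHP applied the equivalent of addslashes() to
// every GET/POST/cookie value before the script ran (simulated here).
$post = array('comment' => addslashes($typed));

// Hypothetical helper: undo the automatic escaping once, and only when the
// setting is on. $magicQuotesOn stands in for the php.ini value.
function rawInput(array $source, $magicQuotesOn)
{
    $raw = array();
    foreach ($source as $name => $value) {
        if (is_array($value)) {                 // e.g. <input name="tags[]">
            $raw[$name] = rawInput($value, $magicQuotesOn);
            continue;
        }
        $raw[$name] = trim($magicQuotesOn ? stripslashes($value) : $value);
    }
    return $raw;
}

// Hypothetical helper: HTML-encode at output time, not at input time.
function forHtml($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// 1. The pipeline from the question: htmlentities() on the slashed value.
//    The quotes become entities, the added backslashes pass through.
echo "slashed input : ", htmlentities($post['comment'], ENT_COMPAT, 'UTF-8'), "\n";

// 2. Strip the automatic slashes first, then encode for HTML.
$raw = rawInput($post, true);
echo "normalised    : ", forHtml($raw['comment']), "\n";

// 3. Setting off: input arrives unslashed, so an unconditional
//    stripslashes() would delete the user's own backslash.
$unslashed = array('comment' => $typed);
echo "blind strip   : ", forHtml(stripslashes($unslashed['comment'])), "\n";
$raw = rawInput($unslashed, false);
echo "conditional   : ", forHtml($raw['comment']), "\n";
```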
