[nycphp-talk] Another Apostrophe-related issue

Kristina Anderson ka at kacomputerconsulting.com
Wed Jan 9 20:44:37 EST 2008


What was really strange was that this wasn't happening with any of the 
other forms...I think that existing escape characters in the data 
caused the initial issue?

> Thanks!  And this will result in it being saved into the database with
> no escape characters, which is the proper way to do it as I can see.
> 
> 
> > Ken Robinson wrote:
> > > At 10:42 PM 1/8/2008, Kristina Anderson wrote:
> > >> I'm having yet another apostrophe-related issue.  It seems that the
> > >> slashes are being added automatically by the HTML form and inserted
> > >> into the database on save.  Magic quotes is on
> > >> (get_magic_quotes_gpc(); returns 1) and I have removed any
> > >> addslashes() functions from my code.
> > >>
> > >> The slashes seem to be spawning, i.e. the first round after
> > >> entering 's and saving, I get back /'s in the text box, the next
> > >> round ///'s, etc.
> > >>
> > >> Soon enough I have a text box full of ////////////////////////////////
> > > 
> > > You should be using
> > > 
> > > $var = mysql_real_escape_string(stripslashes($var));
> > > 
> > > before adding to your database.
> > > 
> > > After you retrieve the value, use
> > > $var = htmlentities(stripslashes($var),ENT_QUOTES);
> > > 
> > > when displaying the value back to the screen.
> > > 
> > > Ken
> > 
> > Umm, no.
> > 
> > Lose both invocations of stripslashes and it will work properly.
> > 
> > You should be using
> > 
> > $var = mysql_real_escape_string($var);
> > 
> > before adding to your database.
> > 
> > After you retrieve the value, use
> > $var = htmlentities($var,ENT_QUOTES);
> > 
> > when displaying the value back to the screen.
> > 
> > See http://nyphp.org/phundamentals/storingretrieving.php for more details.
> > 
> > Dan
> 
> -------------------
> Kristina D. H. Anderson
> Senior Application Developer/Consultant
> "Building a Better Tomorrow, One Line of Code at a Time"
> 646-247-4987
> 
> 
> 
> 

-------------------
Kristina D. H. Anderson
Senior Application Developer/Consultant
"Building a Better Tomorrow, One Line of Code at a Time"
646-247-4987
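
An added example, not part of the original thread: the slash growth described in the quoted question, reproduced offline, next to a flow that undoes magic quotes once at input and encodes only on output. magic_quotes_gpc is simulated with addslashes() and the database with a plain string (both assumptions); all function names and the sample text are hypothetical.

```php
<?php
// Added example. magic_quotes_gpc is simulated with addslashes(), which
// applies the same escaping that setting applied to submitted form data.
function simulate_magic_quotes_post(string $typed): string {
    return addslashes($typed);
}

// The SQL-literal escaping done before an INSERT is undone by the server when
// it parses the literal, so the stored value equals the string handed to the
// escaping function. The "database" here is just that string.
function save_without_normalizing(string $posted): string {
    return $posted; // the magic-quote slashes are stored with the data
}

function save_normalized(string $posted, bool $magicQuotesOn): string {
    // Undo magic quotes exactly once, at the input boundary.
    return $magicQuotesOn ? stripslashes($posted) : $posted;
}

function render_textbox_value(string $stored): string {
    // Encode for HTML on output only; no stripslashes() here.
    return htmlentities($stored, ENT_QUOTES);
}

// Returns the number of backslashes stored after each edit-and-save round.
function round_trips(string $typed, int $rounds, bool $normalize): array {
    $counts = [];
    $value = $typed;
    for ($i = 1; $i <= $rounds; $i++) {
        $posted = simulate_magic_quotes_post($value);
        $stored = $normalize ? save_normalized($posted, true)
                             : save_without_normalizing($posted);
        // What the browser shows in the text box and resubmits next round.
        $value = html_entity_decode(render_textbox_value($stored), ENT_QUOTES);
        $counts[] = substr_count($stored, '\\');
    }
    return $counts;
}

$sample = "it's a test"; // constructed input
echo 'stored as posted:   ', implode(', ', round_trips($sample, 4, false)), "\n";
echo 'normalized at input: ', implode(', ', round_trips($sample, 4, true)), "\n";
```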



