FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

Convert BackslashQuote to Quote

   Frihost Forum Index -> Scripting -> Php and MySQL
 


sunpascal
hi,

i'm having trouble with the encoding of quotes in a form.

Everytime I post data through a form php converts all the quotes to backslash-quote (\").

Is there a way to undo or decode this so that I would again receive the "normal" quotes without the backslash?

thanks for your help
sunpascal
nevermind
str_ireplace does that
Stubru Freak
sunpascal wrote:
nevermind
str_ireplace does that


Stripslashes is probably easier.

PHP escapes your quotes for security reasons. It assumes you will use it in a MySQL query, and then it has to be escaped. The name of this feature is magic_quotes_gpc.
But this was a bad decision in most experts' opinion. The escaped variables aren't safe for MySQL yet, you have to first do stripslashes, and then mysql_real_escape_string. Also, a lot of GPC variables aren't going to be used for MySQL.
This also makes your code unsafe when porting it to a server without magic_quotes_gpc enabled. For this reason, according to php.net, "this feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged."
I'd recommend disabling this feature, by setting it to off in a .htaccess file, and just making sure you properly escape your variables.
sunpascal
Stubru Freak wrote:
sunpascal wrote:
nevermind
str_ireplace does that


Stripslashes is probably easier.

PHP escapes your quotes for security reasons. It assumes you will use it in a MySQL query, and then it has to be escaped. The name of this feature is magic_quotes_gpc.
But this was a bad decision in most experts' opinion. The escaped variables aren't safe for MySQL yet, you have to first do stripslashes, and then mysql_real_escape_string. Also, a lot of GPC variables aren't going to be used for MySQL.
This also makes your code unsafe when porting it to a server without magic_quotes_gpc enabled. For this reason, according to php.net, "this feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged."
I'd recommend disabling this feature, by setting it to off in a .htaccess file, and just making sure you properly escape your variables.


ok thanks for the advice
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.