[nycphp-talk] Another Apostrophe-related issue

Kristina Anderson ka at kacomputerconsulting.com
Wed Jan 9 20:07:37 EST 2008


Thanks!  And this will result in it being saved into the database with 
no escape characters, which is the proper way to do it as I can see.


> Ken Robinson wrote:
> > At 10:42 PM 1/8/2008, Kristina Anderson wrote:
> >> I'm having yet another apostrophe-related issue.  It seems that the
> >> slashes are being added automatically by the HTML form and inserted
> >> into the database on save.  Magic quotes is on (get_magic_quotes_gpc();
> >> returns 1) and I have removed any addslashes() functions from my
> >> code.
> >>
> >> The slashes seem to be spawning, i.e. the first round after
> >> entering 's and saving, I get back /'s in the text box, the next
> >> round ///'s, etc.
> >>
> >> Soon enough I have a text box full of ////////////////////////////////
> > 
> > You should be using
> > 
> > $var = mysql_real_escape_string(stripslashes($var));
> > 
> > before adding to your database.
> > 
> > After you retrieve the value, use
> > $var = htmlentities(stripslashes($var),ENT_QUOTES);
> > 
> > when displaying the value back to the screen.
> > 
> > Ken
> 
> Umm, no.
> 
> Lose both invocations of stripslashes and it will work properly.
> 
> You should be using
> 
> $var = mysql_real_escape_string($var);
> 
> before adding to your database.
> 
> After you retrieve the value, use
> $var = htmlentities($var,ENT_QUOTES);
> 
> when displaying the value back to the screen.
> 
> See http://nyphp.org/phundamentals/storingretrieving.php for more details.
> 
> Dan

-------------------
Kristina D. H. Anderson
Senior Application Developer/Consultant
"Building a Better Tomorrow, One Line of Code at a Time"
646-247-4987
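
The slash growth described in this thread can be reproduced offline. The sketch below is an added example, not code from any poster: it simulates magic_quotes_gpc with addslashes() (the setting was removed in PHP 5.4), and assumes the value is escaped for SQL at query time so the database stores exactly what the script received. All function names are hypothetical.

```php
<?php
// Added illustration; not code from the thread. Function names are hypothetical.

// Simulates what magic_quotes_gpc=On did to every GET/POST/cookie value.
function simulate_magic_quotes(string $submitted): string {
    return addslashes($submitted);
}

// One edit cycle: the browser submits $typed, the app stores it, re-renders it
// into a text box, and the browser decodes the entities back into the text
// that would be resubmitted on the next save.
function round_trip(string $typed, bool $magicQuotes, bool $undoOnce): string {
    $received = $magicQuotes ? simulate_magic_quotes($typed) : $typed;
    if ($magicQuotes && $undoOnce) {
        $received = stripslashes($received); // undo the automatic escaping exactly once
    }
    // Assumption: SQL escaping happens at query time (the thread uses
    // mysql_real_escape_string), so the stored value equals $received.
    $stored = $received;
    $html = htmlentities($stored, ENT_QUOTES, 'UTF-8');     // output encoding only
    return html_entity_decode($html, ENT_QUOTES, 'UTF-8');  // what the text box shows
}

// Counts the backslashes present in the field after each save/reload cycle.
function backslashes_after(int $rounds, bool $magicQuotes, bool $undoOnce): array {
    $value = "O'Reilly"; // constructed sample input
    $counts = [];
    for ($i = 0; $i < $rounds; $i++) {
        $value = round_trip($value, $magicQuotes, $undoOnce);
        $counts[] = substr_count($value, '\\');
    }
    return $counts;
}

$cases = [
    'magic quotes on, stored as received'     => [true, false],
    'magic quotes on, stripped once on input' => [true, true],
    'magic quotes off'                        => [false, false],
];
foreach ($cases as $label => [$mq, $undo]) {
    printf("%-42s %s\n", $label, implode(', ', backslashes_after(4, $mq, $undo)));
}
```

Each row prints the backslash count after successive saves, so the growing case is directly comparable with the two stable ones.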



