removing escaped char returned in textarea $_POST [Archive]

Click to See Complete Forum and Search --> : removing escaped char returned in textarea $_POST

Nap

03-20-2007, 05:41 PM

Hi guys,
I have a textarea in my html form where the user enters text. The form is posted back to the php page that is processing it.
The php then sends the typed text to various users via email. In addition to sending the email, I store the typed text into a MySQL table, after parsing it with nl2br(htmlspecialchars($_POST[comments])).

The problem I have is that if the user types a ' character in the textarea, the $_POST[comment] field returns with the ' escaped to \' and the email sent has the \ character in it. However, the data stored in MySQL is fine.

I've tried using the result from htmlspecialchars($_POST[comments]) in my email, but it still shows the \.

How can I make the \ not show in the email?

Cheers,
Nap

jignesh1

03-20-2007, 06:46 PM

try
nl2br(htmlspecialchars($_POST['comments'], EN_QUOTES))
then try to store to database
EN_QUOTES try to convert the quotes in to html entities

iLLin

03-20-2007, 11:20 PM

stripslashes($_POST['comments'])

Nap

03-21-2007, 12:08 AM

thnx guys,
I will try what you're suggesting after I complete the rest of the code. At the moment I've used STR_REPLACE to do it, but I know it will lead to problems later.

Cheers,
Nap

NightShift58

03-21-2007, 12:55 AM

Don't use str_replace(), use stripslashes as recommended by iLLin.

Scenario -> In the textarea, the user enters the following:
My personal files are stored in 'c:\documents'

This will be stored in the table as:
My personal files are stored in \'c:\\documents\'

By using str_replace(), you'll end up with:
My personal files are stored in 'c:documents'
which is not what the user entered.

If you use stripslashes, the result would be:
My personal files are stored in 'c:\documents'
just as entered.

Finally, I wouldn't store the textarea content using nl2br().
If you ever have to display this text in the textarea again, it would show the <br> and not the line breaks that were originally used.

You can/should use nl2br() to send the text in an HTML mail.

m_sahaly

03-21-2007, 03:15 AM

use stripslashes($_POST['comments']) ; as suggested above
or I think there might be another solution . turn on your magic quotes in your MYSQL server .and donot use htmlspecial..... this will make every thing goto the DB very well and will not add these slashes at all .. but remember that this may result in an undesired results since the HTML code entered by the user will be active .
I just wanted to suggest this solution although it is not of great help .