
Thread: Backslashes in a form

  1. #1
    Join Date
    Oct 2010

    Backslashes in a form

    I have a problem with the form on my website here:

    The problem is that all ' (single-quote), " (double quote) and \ (backslash) are escaped with a backslash automatically.

    I turned off magic_quotes in php.ini, but the problem is still there (I used phpinfo to check that magic_quotes are really off).

    So I used stripslashes() in the code that passes the values into the database:

    $articleDetails['comments'] = stripslashes($_POST['comments']);
    $articleDetails['articlenames'] = stripslashes($_POST['articlename']);
    $articleDetails['articlekeywords'] = stripslashes($_POST['articlekeyword']);

    The problem is that it works only for the "General Guidelines for All Articles" textarea ('comments') and not for the 2 other fields: "Subject" + "Keywords/Comments" ('articlenames' + 'articlekeywords').

    In order to see that, you can fill in this page an email address + subject+words for one article, then click 'continue', and then click 'edit' in the Shopping Cart.


  2. #2
    Join Date
    May 2011
    I think that, maybe, you need to index 'articlename[]' and 'articlekeyword[]'
    in the markup.


    type="text" name="articlename[0]"
    type="text" name="articlename[1]"
    type="text" name="articlename[2]"
    type="text" name="articlename[3]"

    type="text" name="articlekeyword[0]"
    type="text" name="articlekeyword[1]"
    type="text" name="articlekeyword[2]"
    type="text" name="articlekeyword[3]"


    Sometimes, when you re-invent the wheel, you end up with a better wheel.
    One-on-One Scripting Tuition/Mentoring

  3. #3
    Join Date
    Aug 2004
    Finding out for sure where the unwanted slashes are coming from may require more info and debugging.

    You say you turned off magic_quotes_gpc in your php.ini file, but have you restarted the web server since then so that it takes effect? (It may not be necessary in all web server configs, but then again it might.)

    Are you perhaps somehow double-sanitizing DB inputs? (E.g., applying mysql_real_escape_string() to the data in more than one place)

    Otherwise, you might want to put in some error_log()'s or use other debugging methods to find out what the values are that are initially received, see if they have changed before you go to insert them into the DB, etc.
    PHP Code:
    // start of script
    error_log("Data as input:".PHP_EOL.var_export($_POST,1));

    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework
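
Added example, not part of any post in this thread: stripslashes() takes a string, so if the 'articlename' and 'articlekeyword' fields arrive as arrays (an assumption, following the suggestion in post #2) they need a recursive helper, and logging before and after, as post #3 suggests, shows where the slashes are. The helper name unslash_deep and the sample values are constructed for illustration.

```php
<?php
/**
 * Apply stripslashes() to a string, or to every leaf of a (nested) array.
 * Non-string leaves (ints, null) are returned unchanged.
 */
function unslash_deep($value)
{
    if (is_array($value)) {
        // array_map keeps the original keys, so articlename[0..n] stay aligned.
        return array_map('unslash_deep', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Constructed sample standing in for $_POST, with one layer of added slashes.
$post = [
    'comments'       => 'Don\\\'t use \\"quotes\\"',
    'articlename'    => ['Bob\\\'s article', 'Path C:\\\\temp'],
    'articlekeyword' => ['say \\"hi\\"', 'plain'],
];

// Log what was received before touching it.
error_log("Data as input:" . PHP_EOL . var_export($post, true));

$articleDetails = [
    'comments'        => unslash_deep($post['comments']),
    'articlenames'    => unslash_deep($post['articlename']),
    'articlekeywords' => unslash_deep($post['articlekeyword']),
];

// Log again just before the insert; a difference between this and what
// ends up in the database points at escaping applied a second time later on.
error_log("Data before insert:" . PHP_EOL . var_export($articleDetails, true));

// Each value has exactly one layer of slashes removed.
assert($articleDetails['comments'] === 'Don\'t use "quotes"');
assert($articleDetails['articlenames'][0] === "Bob's article");
assert($articleDetails['articlenames'][1] === 'Path C:\\temp');
assert($articleDetails['articlekeywords'][0] === 'say "hi"');

// Unslash once, at the point of input only. When writing to the database,
// bind these values as query parameters instead of escaping them again.
```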
