www.webdeveloper.com
Results 1 to 3 of 3

Thread: Backslashes in a form

  1. #1
    Join Date
    Oct 2010
    Posts
    11

    Backslashes in a form

    Hi,
    I have a problem with the form on my website here:
    http://www.yeparticles.com/order/

    The problem is that all ' (single-quote), " (double quote) and \ (backslash) are escaped with a backslash automatically.

    I turned off magic_quotes in php.ini, but the problem is still there (I used phpinfo to check that magic_quotes are really off).

    So I used stripslashes() in the code that pass the values into the database:

    Code:
    $articleDetails['comments'] = stripslashes($_POST['comments']);
    $articleDetails['articlenames'] = stripslashes($_POST['articlename']);
    $articleDetails['articlekeywords'] = stripslashes($_POST['articlekeyword']);
    The problem is that it works only for the "General Guidelines for All Articles" textarea ('comments') and not for the 2 other fields: "Subject" + "Keywords/Comments" ('articlenames' + 'articlekeywords')

    In order to see that, you can fill in this page an email address + subject+words for one article, then click 'continue', and then click 'edit' in the Shopping Cart.

    Thanks,
    Steve

  2. #2
    Join Date
    May 2011
    Posts
    101
    I think that, maybe, you need to index 'articlename[]' and 'articlekeyword[]'
    in the markup.

    Eg:

    type="text" name="articlename[0]"
    type="text" name="articlename[1]"
    type="text" name="articlename[2]"
    type="text" name="articlename[3]"

    type="text" name="articlekeyword[0]"
    type="text" name="articlekeyword[1]"
    type="text" name="articlekeyword[2]"
    type="text" name="articlekeyword[3]"

    etc.

    C
    Sometimes, when you re-invent the wheel, you end up with a better wheel.
    ---------------------------------------------
    One-on-One Scripting Tuition/Mentoring

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,220
    Without some more debugging to find out for sure where the unwanted slashes are coming from may require more info and debugging.

    You say you turned off magic_quotes_gpc in your php.ini file, but have you restarted the web server since then so that it takes effect? (It may not be necessary in all web server configs, but then again it might.)

    Are you perhaps somehow double-sanitizing DB inputs? (E.g., applying mysql_real_escape_string() to the data in more than one place)

    Otherwise, you might want to put in some error_log()'s or use other debugging methods to find out what the values are that are initially received, see if they have changed before you go to insert them into the DB, etc.
    PHP Code:
    <?php
    // start of script
    error_log("Data as input:".PHP_EOL.var_export($_POST,1));
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles