Backslashes in a form
I have a problem with the form on my website here:
The problem is that all ' (single-quote), " (double quote) and \ (backslash) are escaped with a backslash automatically.
I turned off magic_quotes in php.ini, but the problem is still there (I used phpinfo to check that magic_quotes are really off).
So I used stripslashes() in the code that pass the values into the database:
The problem is that it works only for the "General Guidelines for All Articles" textarea ('comments') and not for the 2 other fields: "Subject" + "Keywords/Comments" ('articlenames' + 'articlekeywords')
$articleDetails['comments'] = stripslashes($_POST['comments']);
$articleDetails['articlenames'] = stripslashes($_POST['articlename']);
$articleDetails['articlekeywords'] = stripslashes($_POST['articlekeyword']);
In order to see that, you can fill in this page an email address + subject+words for one article, then click 'continue', and then click 'edit' in the Shopping Cart.
I think that, maybe, you need to index 'articlename' and 'articlekeyword'
in the markup.
Without some more debugging to find out for sure where the unwanted slashes are coming from may require more info and debugging.
You say you turned off magic_quotes_gpc in your php.ini file, but have you restarted the web server since then so that it takes effect? (It may not be necessary in all web server configs, but then again it might.)
Are you perhaps somehow double-sanitizing DB inputs? (E.g., applying mysql_real_escape_string() to the data in more than one place)
Otherwise, you might want to put in some error_log()'s or use other debugging methods to find out what the values are that are initially received, see if they have changed before you go to insert them into the DB, etc.
// start of script
error_log("Data as input:".PHP_EOL.var_export($_POST,1));
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)