strings, escape and html forms...

This topic is closed.
  • John

    strings, escape and html forms...


    Hi,

    I use PHP to handle some data entry and editing through html forms,
    all very simple/standard stuff.

    For the moment, I then store all my data in a file (using var_export),
    but I will switch this over to MySQL at some point soon.

    At least while I'm using my file storage at present, when a character
    in a string needs to be escaped (eg. single quote, becomes \'), I find
    that the backslash character keeps getting re-escaped every time the
    string is edited, through a re-entry of the form.

    So it then becomes \\\', etc...

    What is the best way to stop this recursion?

    Thanks,
    John.

  • Geoff Berrow

    #2
    Re: strings, escape and html forms...

    I noticed that Message-ID: <1116cf6ih2sd01@corp.supernews.com> from John
    contained the following:

    >What is the best way to stop this recursion ?
    stripslashes()


    --
    Geoff Berrow (put thecat out to email)
    It's only Usenet, no one dies.
    My opinions, not the committee's, mine.
    Simple RFDs http://www.ckdog.co.uk/rfdmaker/


    • knoak

      #3
      Re: strings, escape and html forms...

      Every time you save it into the DB,
      use mysql_escape_string or something like that, and
      every time you call it into your textfield, use stripslashes.


      Geoff Berrow <blthecat@ckdog.co.uk> wrote in message news:<qsc611lmap4daqvauq7trmarjbsr2a8n95@4ax.com>...
      > I noticed that Message-ID: <1116cf6ih2sd01@corp.supernews.com> from John
      > contained the following:
      >
      > >What is the best way to stop this recursion ?
      > stripslashes()


      • Jan Pieter Kunst

        #4
        Re: strings, escape and html forms...

        knoak wrote:
        > Everytime when you save it into the DB
        > use mysql_escape_string or something like that, and
        > everytime when you call it into your textfield, use stripslashes.

        Generally, you only need to use stripslashes() before displaying data in
        a text field if magic_quotes_gpc is ON.

        If magic_quotes_gpc is OFF: use addslashes() or similar when saving into
        the database, don't use stripslashes() when displaying.

        If magic_quotes_gpc is ON: don't use addslashes() or similar when saving
        into the db, use stripslashes() when displaying.

        My recommendation: set magic_quotes_gpc to OFF and handle your string
        escaping yourself.

        JP

        --
        Sorry, <devnull@cauce.org> is a spam trap.
        Real e-mail address unavailable. 5000+ spams per month.
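
The round trip discussed in this thread, as an added example that is not part of any poster's message: it reproduces the growing backslashes from the first post and then the escape-once handling, going slightly further by escaping for HTML only when the field is rendered. The function names, the `title` field and the sample value are assumptions made for illustration.

```php
<?php
// magic_quotes_gpc was removed in PHP 5.4, so its effect on submitted form
// data is emulated here with addslashes(). All names below are assumptions.

// What magic_quotes_gpc = On did to each incoming form value (emulated).
function incoming(string $typed, bool $magicQuotes): string
{
    return $magicQuotes ? addslashes($typed) : $typed;
}

// File storage as in the first post: var_export() out, include back in.
function save_and_reload(string $value): string
{
    $file = tempnam(sys_get_temp_dir(), 'frm');
    file_put_contents($file, '<?php return ' . var_export($value, true) . ';');
    $loaded = include $file;
    unlink($file);
    return $loaded;
}

// Buggy cycle: the escaped request value is stored as-is, so every edit
// of the form adds another layer of backslashes.
function edit_buggy(string $stored): string
{
    return save_and_reload(incoming($stored, true));
}

// Fixed cycle: undo the automatic escaping once, at input, and store raw text.
function edit_fixed(string $stored, bool $magicQuotes): string
{
    $posted = incoming($stored, $magicQuotes);
    $raw = $magicQuotes ? stripslashes($posted) : $posted;
    return save_and_reload($raw);
}

// Escape for the HTML form only when rendering, never before storing.
function field(string $value): string
{
    return '<input type="text" name="title" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

$buggy = $fixed = "O'Reilly";   // constructed sample input
for ($i = 1; $i <= 3; $i++) {
    $buggy = edit_buggy($buggy);
    $fixed = edit_fixed($fixed, true);
    echo "edit $i  buggy: $buggy   fixed: $fixed\n";
}
echo field($fixed), "\n";
```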


        • John

          #5
          Re: strings, escape and html forms...


          Thank you all, I have it OK now.

          John.
