Hi, I am fairly new to php and am having a problem with posting a form. The form has a text area and the text will sometimes include quotation marks. eg: My name is "Earl" When I post the form and retrieve the variable using the following code: $myvar = $_POST['my_var']; Code (markup): When I use $myvar, it is equal to: My name is \"Earl\" What I need to do is get rid of the \ characters, so that I can send the variable to and sql query. Can anyone tell me how I would go about doing this?
you will also need to look more into http://in.php.net/addslashes also look at this i hope all your doubts will be cleared http://in.php.net/magic_quotes
A good idea is to add this snippet to every page, or a page included in every other page: if (get_magic_quotes_gpc()) { foreach ($_GET as $key=>$val){ $_GET[$key] = stripslashes($val); } foreach ($_POST as $key=>$val){ $_POST[$key] = stripslashes($val); } } PHP: Alternatively you can use a function or method to validate the user input, for example: function validate($value){ if (get_magic_quotes_gpc()) { return mysql_real_escape_string(stripslashes($value)); }else{ return mysql_real_escape_string($value); } } PHP: The reason behind it is that the magic quotes are depreciated and cannot be trusted. They are turned off in the latest php versions by default and mysql_real_escape_string should be used to validate the data for the sql queries.