Reinventing the wheel

Discussion in 'PHP' started by focus3, Aug 29, 2005.

  1. #1
    The answer to my question is probably simple and has probably been answered a million times, but when I searched, I wasn't able to find it.

    I have a form which onsubmit gets sent to a server side php program to deal with it. Now, when a user types a single quote ( ' ) or a double quote ( " ), the end result is displayed as /' or /" . I find it slightly annoying to go in and fix after it's been published to a blog or sent as an email. I believe it is changed when it is passed to the php script.

    What is the best way to deal with this? Do I use a search and replace function in PHP or is there a way to pass it without this happening?

    Please Advise,
    focus3:cool:
     
    focus3, Aug 29, 2005 IP
  2. palespyder

    #2
    palespyder, Aug 29, 2005 IP
    focus3 likes this.
  3. focus3

    #3
    Thanks very much. I'm new to PHP programming too. Who woulda figured *shrugs*.
     
    focus3, Aug 29, 2005 IP
  4. palespyder

    #4
    Glad it helped, that is actually a really common problem. Took me forever to learn this one ;)
     
    palespyder, Aug 29, 2005 IP
  5. Willy

    #5
    As a related tip, if you're going to store a value you got from the user (via GET or POST) in an SQL database, be sure to perform the opposite operation, addslashes or mysql_escape_string, on it first, to prevent introducing SQL injection vulnerabilities. The most common security hole and easiest to both introduce and prevent... ;)
     
    Willy, Aug 29, 2005 IP
    focus3 likes this.
  6. SamOwen

    #6
    stripslashes still trips me up sometimes and I only notice when the output is displayed with a bunch of '/ .
     
    SamOwen, Aug 29, 2005 IP
  7. Gmorkster

    #7
    If you use Smarty or any similar template engine you can register stripslashes as an output filter once for the whole site
     
    Gmorkster, Sep 3, 2005 IP
  8. nevetS

    #8
    Do yourself a favor and make sure magic_quotes is turned off via .htaccess or php.ini. It will end up confusing you because sometimes you don't have problems with quotes and sometimes you do.

    Take care of all your slashing manually with StripSlashes and AddSlashes or build your own function if you have other input/output filtering needs.
     
    nevetS, Sep 3, 2005 IP
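
An added example, not part of the thread and not any poster's code: it reproduces the stray-escape symptom from post #1, then handles the storage step discussed in posts #5 and #8 with a PDO bound parameter rather than the addslashes call named there. The `posts` table, the sample value and the function names are constructed; magic_quotes_gpc was removed in PHP 5.4, so its effect is simulated with addslashes(), and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example. $typed, the posts table and all function names are constructed.

// What magic_quotes_gpc did to every GET/POST value (identical to addslashes()).
function simulate_magic_quotes(string $value): string
{
    return addslashes($value);
}

// Store with a bound parameter: the driver keeps the value separate from the
// SQL text, so no addslashes()/stripslashes() round trip is needed for storage.
function store_body(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

function load_body(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

$typed   = 'She said "it\'s fine"';        // what the user typed
$arrived = simulate_magic_quotes($typed);   // what a magic-quotes server hands the script

// Case 1: the slashed value is stored as-is, so the backslashes reach the page.
$slashed = load_body($db, store_body($db, $arrived));

// Case 2: undo the automatic escaping once at input, then bind the raw value.
$clean = load_body($db, store_body($db, stripslashes($arrived)));

// Escape for HTML only at output time, with the function made for that context.
echo htmlspecialchars($slashed, ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'), "\n";
var_dump($clean === $typed);
```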