spacepoet Posted December 13, 2010 Share Posted December 13, 2010 Hi: Is this the proper way to remove slashes from apostrophes: if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string(stripslashes($_POST['myTitle'])); $myDesc = mysql_real_escape_string(stripslashes($_POST['myDesc'])); $myHeader = mysql_real_escape_string(stripslashes($_POST['myHeader'])); $mySubHeader = mysql_real_escape_string(stripslashes($_POST['mySubHeader'])); $myPageData = mysql_real_escape_string(stripslashes($_POST['myPageData'])); It seems to work fine, I'd just like to clarify I'm not missing anything. Thanks! Quote Link to comment Share on other sites More sharing options...
AbraCadaver Posted December 13, 2010 Share Posted December 13, 2010 You really only need to strip slashes if magic_quotes is enabled: if(get_magic_quotes_gpc()) { $_POST = array_map('stripslashes', $_POST); } A lot less typing Quote Link to comment Share on other sites More sharing options...
spacepoet Posted December 13, 2010 Author Share Posted December 13, 2010 Hi: I'm sure magic_quotes is because whenever I use an apostrophe in a text field or textarea, a "slash" gets added. But adding the "stripmagicslashes" like I did fixed it. What you posted, can that be used as an included file - like a functions library - to remove slashes? Thanks. Quote Link to comment Share on other sites More sharing options...
AbraCadaver Posted December 13, 2010 Share Posted December 13, 2010 Hi: I'm sure magic_quotes is because whenever I use an apostrophe in a text field or textarea, a "slash" gets added. But adding the "stripmagicslashes" like I did fixed it. What you posted, can that be used as an included file - like a functions library - to remove slashes? Thanks. This is useful if you are on shared hosting, may move hosts and/or distribute your app to others. If so, then yes it could be part of an include that you use to initialize your app. If you have and always will have control of your server settings then this isn't needed. Quote Link to comment Share on other sites More sharing options...
spacepoet Posted December 13, 2010 Author Share Posted December 13, 2010 I believe I just answered my own question: include('../include/myCodeLib.php'); myCodeLib.php <?php //STRIP SLASHES if(get_magic_quotes_gpc()) { $_POST = array_map('stripslashes', $_POST); } ?> Page.php if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string($_POST['myTitle']); $myDesc = mysql_real_escape_string($_POST['myDesc']); $myHeader = mysql_real_escape_string($_POST['myHeader']); $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']); $myPageData = mysql_real_escape_string($_POST['myPageData']); Seems to work just fine! Thanks for the tip! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.