help with echo and insert in db

[UnknownPlayer]

Hi,

i insert in db with mysql_real_escape_string() function, but when i read i use this:

- htmlentities(stripslashes($value), ENT_QUOTES, "UTF-8") - for all fields but no textarea

- stripslashes($value) - for textarea, becouse when insert that textare, its tinymce, and have html tags

 

Is this right way ?

 

[Pikachu2000]

There should be no need to use stripslashes() on data that was properly escaped when it was inserted.

[UnknownPlayer]

I removed tinymce, just left:

- when insert mysql_real_escape_string()

- when echo htmlentities

 

but when there is char " it show  like "\ how can i fix that?

[Pikachu2000]

If data is retrieved from the database with slashes in it, either it wasn't properly escaped when it was inserted, or something is adding the slashes after retrieval. magic_quotes_gpc or magic_quotes_runtime may be on, or you have something applying addslashes() to your data. If you view the data in phpMyAdmin or the MySQL command line client, are the slashes there or not?

[UnknownPlayer]

In db is like: \" but on my localhost server this thing works fine, but on webserver it doesnt, it shows \".

I tested, i put echo mysql_real_escape_string($_POST['opis']); on page that insert data, and it echo \r\n\\\"

 

What is problem ?

[Pikachu2000]

magic_quotes_gpc is on, so the data is being double escaped. You'll want to turn off magic_quotes_gpc in your php.ini file, and restart Apache. You may need to check with the host to see how to do that. Then you'll need to run an UPDATE query to get rid of the unnecessary slashes added to the data, or import it from a "clean" source.

[UnknownPlayer]

Thanks i did that, adn restarted services in phpinfo is now off, and is works, thank you very much.