When my code is stored and saved and out putted I keep getting these slashes \\\\\
in my output text. how can I get rid of these slashes?
Here is the PHP code.
if (isset($_POST['submitted'])) { // Handle the form.
require_once '../../htmlpurifier/library/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
$config->set('HTML.Doctype', 'XHTML 1.0 Strict'); // replace with your doctype
$purifier = new HTMLPurifier($config);
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"SELECT users.*, profile.*
FROM users
INNER JOIN contact_info ON contact_info.user_id = users.user_id
WHERE users.user_id=3");
$about_me = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['about_me']));
$interests = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['interests']));
if (mysqli_num_rows($dbc) == 0) {
$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"INSERT INTO profile (user_id, about_me, interests)
VALUES ('$user_id', '$about_me', '$interests')");
}
if ($dbc == TRUE) {
$dbc = mysqli_query($mysqli,"UPDATE profile
SET about_me = '$about_me', interests = '$interests'
WHERE user_id = '$user_id'");
echo '<p class="changes-saved">Your changes have been saved!</p>';
}
if (!$dbc) {
// There was an error...do something about it here...
print mysqli_error($mysqli);
return;
}
}
Here is the XHTML code.
<form method="post" action="index.php">
<fieldset>
<ul>
<li><label for="about_me">About Me: </label>
<textarea rows="8" cols="60" name="about_me" id="about_me"><?php if (isset($_POST['about_me'])) { echo mysqli_real_escape_string($mysqli, $_POST['about_me']); } else if(!empty($about_me)) { echo mysqli_real_escape_string($mysqli, $about_me); } ?></textarea></li>
<li><label for="my-interests">My Interests: </label>
<textarea rows="8" cols="60" name="interests" id="interests"><?php if (isset($_POST['interests'])) { echo mysqli_real_escape_stri开发者_JS百科ng($mysqli, $_POST['interests']); } else if(!empty($interests)) { echo mysqli_real_escape_string($mysqli, $interests); } ?></textarea></li>
<li><input type="submit" name="submit" value="Save Changes" class="save-button" />
<input type="hidden" name="submitted" value="true" />
<input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li>
</ul>
</fieldset>
</form>
Could be that your php installation has Magic Quotes enabled: http://php.net/manual/en/security.magicquotes.php
See: http://www.php.net/manual/en/security.magicquotes.disabling.php for ways to disable them.
When you pull data from MySQL, you will want to run it through this to get clean output:
$clean_value = stripslashes($value);
精彩评论