开发者

Removing a Preceding Backslash from Apostrophes

开发者 https://www.devze.com 2022-12-27 03:29 出处:网络
When I add a comment 开发者_如何学运维using the variable below, apostrophes are printed with a backslash in front of them.How can I get rid of the backslashes?

When I add a comment 开发者_如何学运维using the variable below, apostrophes are printed with a backslash in front of them. How can I get rid of the backslashes?

Thanks in advance,

John

Example of printed result:

My roommate\'s brother\'s ex-girlfriend\'s aunt drive a Toyota.

$comment = mysql_real_escape_string($_POST['comment']);


mysql_real_escape_string() is adding backslashes, so you can inject your string safely into an SQL query -- this is acting as a protection against SQL Injections.

But this function should only be used when you want to build an SQL query -- not when you want to output something.

When you want to output a string to an HTML page, you'll generally use htmlspecialchars or htmlentities, to prevent XSS.


If you already have some backslashes before calling mysql_real_escape_string(), it might be because of Magic Quotes -- if so, you might want to first call stripslashes() on the input you get from the user, to not duplicate the backslashes.


from http://php.net/manual/en/function.mysql-real-escape-string.php

Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice.


Isn't that exactly what mysql_real_escape_string is supposed to do? If you're still seeing the slashes after inserting the data into the database and fetching it back, make sure the magic_quotes_gpc server option is turned off.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号