So basically when I type something with an apostrophe, such as John's bike it will echo John\'s bike. The code below:
    <?php
    $searchname = $_POST["name"];
    echo "$searchname";
My form uses the POST method. Is there any way to stop this?
Also to make input case insensitive how would I go about in this segment?
    $searchsport = $_POST['sport'];
    $sportarray = array(
        "Football" => "Fb01",
        "Cricket" => "ck32",
        "Tennis" => "Tn43",
    );
    if(isset($sportarray[$searchsport])){
        header("Location: ".$sportarray[$searchsport].".html");
        die;
    }
    //what code is needed to make the if statement work? I've looked up some weird ways such as using array_change_key_case (which I clearly don't understand).
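Added example (not part of the original question or answers): one way to make the lookup above case-insensitive while still taking the redirect target only from the array. The function name resolveSportPage and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: case-insensitive lookup against the question's allow-list.
// resolveSportPage() and the sample inputs are hypothetical, not from the page.

function resolveSportPage($input, array $sportarray)
{
    // A POST field can arrive as an array (sport[]=x); only accept strings.
    if (!is_string($input)) {
        return null;
    }

    // Lower-case the keys, and lower-case the input the same way, so
    // "football", "FOOTBALL" and "Football" all hit the same entry.
    $lookup = array_change_key_case($sportarray, CASE_LOWER);
    $key = strtolower(trim($input));

    // The redirect target comes from the array values only; the user's
    // text is used as a key and never copied into the Location header.
    return isset($lookup[$key]) ? $lookup[$key] . ".html" : null;
}

$sportarray = array(
    "Football" => "Fb01",
    "Cricket"  => "ck32",
    "Tennis"   => "Tn43",
);

// Constructed sample inputs standing in for $_POST['sport'].
$samples = array("football", "  TENNIS ", "Cricket", "golf", array("Football"));
foreach ($samples as $sample) {
    $target = resolveSportPage($sample, $sportarray);
    echo json_encode($sample), " => ", ($target === null ? "no match" : $target), "\n";
}

// In the form handler itself:
// $sport  = isset($_POST['sport']) ? $_POST['sport'] : null;
// $target = resolveSportPage($sport, $sportarray);
// if ($target !== null) { header("Location: " . $target); die; }
```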
This is most likely because you have magic quotes turned on, try this:
    if (get_magic_quotes_gpc())
    {
        $searchname = stripslashes($_POST["name"]);
        echo "$searchname";
    }
    else
    {
        $searchname = $_POST["name"];
        echo "$searchname";
    }
In fact, you could create a function instead to do it automatically for you:
    function fixIt($str)
    {
        if (is_array($str))
        {
            foreach ($str as &$value)
            {
                $value = fixIt($value);
            }
            return $str;
        }
        else
        {
            return stripslashes($str);
        }
    }
And then you can simply do:
    $searchname = fixIt($_POST["name"]);
    echo $searchname;
Note: You can also disable the ugly magic quotes from php.ini as they are problematic and rightly deprecated and out of the future versions of PHP.
There are a few ways.
Turn off magic_quotes_gpc in php.ini
    magic_quotes_gpc = 0
In the beginning of the request, run stripslashes
    if (get_magic_quotes_gpc() && !function_exists('FixMagicQuotesGpc')) {
        function FixMagicQuotesGpc($data) {
            if (is_array($data)) {
                foreach ($data as &$value) {
                    $value = FixMagicQuotesGpc($value);
                }
                return $data;
            } else {
                return stripslashes($data);
            }
        }
        $_GET = FixMagicQuotesGpc($_GET);
        $_POST = FixMagicQuotesGpc($_POST);
        $_REQUEST = FixMagicQuotesGpc($_REQUEST);
    }
EDIT: Added the !function_exists part. This way, you don't need to worry if you ran it before, it'll just skip it if it's already been run (by another file, etc)
This is controlled by the magic_quotes_gpc configuration variable. It really is annoying (and deprecated!).
You should turn it off in php.ini, or ask your web host if they can do something about it.
If they can't, you can use addslashes and stripslashes to manually escape/un-escape. Beware, though - you should use something more secure than addslashes for submitting to a database. mysql_real_escape_string is a better option, or the function specific to your database:
- mysqli_escape_string
- sqlite_escape_string
- a bigger list
I include the following script within my config file to fix magic quotes if necessary. That way I don't have to worry about the magic quotes settings of the host.
    <?php
    set_magic_quotes_runtime(0);
    function _remove_magic_quotes(&$input) {
        if(is_array($input)) {
            foreach(array_keys($input) as $key) _remove_magic_quotes($input[$key]);
        }
        else $input = stripslashes($input);
    }
    if(get_magic_quotes_gpc()) {
        _remove_magic_quotes($_REQUEST);
        _remove_magic_quotes($_GET);
        _remove_magic_quotes($_POST);
        _remove_magic_quotes($_COOKIE);
    }
    return true;
    ?>
Magic Quotes... I'll be so happy when PHP 6 finally arrives and removes this monster of incompatibility.
The best solution is to turn it off in php.ini by setting
    magic_quotes_gpc = Off
If you don't have access to php.ini but are using Apache, you can also disable it in an .htaccess file:
    php_flag magic_quotes_gpc Off
The last-ditch scenario is to disable it in your application. The PHP Manual's Disabling Magic Quotes page suggests using this:
    <?php
    if (get_magic_quotes_gpc()) {
        $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
        while (list($key, $val) = each($process)) {
            foreach ($val as $k => $v) {
                unset($process[$key][$k]);
                if (is_array($v)) {
                    $process[$key][stripslashes($k)] = $v;
                    $process[] = &$process[$key][stripslashes($k)];
                } else {
                    $process[$key][stripslashes($k)] = stripslashes($v);
                }
            }
        }
        unset($process);
    }
    ?>