to stripslashes or not to stripslashes

         

alexh

1:26 pm on Dec 9, 2003 (gmt 0)




I am building a simple CMS where a user can add news items to a MySQL db. The HTML form is built with 3 fields, TITLE, BODY and LINK. The title and link fields are HTML <input type=text> and the body field is a <textarea>.

Before I enter the record into the database I am using addslashes on each variable as I have magic_quotes_gpc disabled.

The second part of the CMS allows the user to view and edit any news article. Querying the db returns the values without a problem, but when I echo the value for TITLE into the HTML <input type=text> field the contents are truncated at any " (double quote), but is fine for any ' (single quote). I have echoed the value of TITLE to the <textarea> and the problem does not occur.

Can anyone explain? I have tried using stripslashes on the return values, with no effect. In fact it doesn't seem to need this at all.

Help!

Thanks.

ergophobe

4:49 pm on Dec 9, 2003 (gmt 0)




There is an excellent recent thread on Magic Quotes [webmasterworld.com] that should answer your questions.

Tom

dreamcatcher

5:25 pm on Dec 9, 2003 (gmt 0)




Yes, check out the thread that ergophobe has linked to. Sounds like what you need to use is htmlspecialchars as well as stripslashes. This will prevent any problems with double quotes in your HTML.

htmlspecialchars(stripslashes($row['blah']))

:)
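
Added example, not part of any post in this thread: a sketch of why the title is cut off inside the text input but not inside the textarea, and how escaping for the HTML attribute context fixes it. The sample strings, the helper names attr() and attribute_value(), and the form field names are constructed for illustration; magic_quotes_gpc is assumed disabled, as in the question.

```php
<?php
// Constructed sample: a title as MySQL returns it. The backslashes added by
// addslashes() were consumed by the SQL parser on INSERT, so the stored value
// holds plain quotes and there is nothing for stripslashes() to remove.
$title = 'He said "hello" & it\'s <b>fine</b>';

// Unescaped output: the first " in the data closes the value attribute,
// so the browser keeps only the text before it.
$broken = '<input type="text" name="title" value="' . $title . '">';

// Escape for an HTML attribute context. ENT_QUOTES also encodes ', which
// matters if an attribute is ever delimited with single quotes.
function attr($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$fixed = '<input type="text" name="title" value="' . attr($title) . '">';

// A <textarea> does not truncate at " because its content is element text,
// not a quoted attribute. It still needs escaping: a literal </textarea>
// in the data would end the field and let the rest render as markup.
$body = 'Line with "quotes" and </textarea><b>stray markup</b>';
$area = '<textarea name="body">' . attr($body) . '</textarea>';

// Rough stand-in for a browser: read the double-quoted value attribute
// and decode its entities to get the text the user would see in the field.
function attribute_value($html)
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

echo "unescaped field shows: ", attribute_value($broken), "\n";
echo "escaped field shows:   ", attribute_value($fixed), "\n";
echo "round trip intact:     ";
var_dump(attribute_value($fixed) === $title);
echo $area, "\n";
```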