PDA

View Full Version : stripslashes() or addslashes() or magic_quotes_gpc



Medyman
12-10-2007, 05:47 PM
Hi guys...

Ok, so here's the problem.

I'm using TinyMCE (http://tinymce.moxiecode.com/) in a backend CMS application. I'm then uploading this content into a MySQL database.

The problem is whenever someone types something with an apostrophe, it doesn't upload correctly to the DB. Of course, the apostrophe needs to be escaped.

Is there a way to do this automatically, using stripslashes() or addslashes() for example.

How would I go about implementing that?

boogyman
12-10-2007, 06:14 PM
$tring = str_replace("'", "\'",$tring);

Master_script_maker
12-10-2007, 10:24 PM
i would use what you first said because it is for esaping characters (' " \ and NULL):

$string = addslashes($upload);

thetestingsite
12-10-2007, 10:39 PM
Or another thing you could use is addcslashes (http://php.net/addcslashes) and stripcslashes (http://php.net/stripcslashes).

Hope this helps.

Medyman
12-13-2007, 04:58 AM
how would i add that to my code?

say, i have something like this:


$summary = $_POST['summary'];

how do i add the addslashes() or whatever else you suggest to it?

or should i add a secondary step, such as below?



$s = $_POST['summary'];
$summary= addslashes($s);

Twey
12-13-2007, 05:06 AM
If you're using it in an SQL query you should be using mysql_real_escape_string(). An ORM like Propel will also take care of this for you.