Auto \" Problem [Archive] - Dynamic Drive Forums

TimFA

02-09-2008, 04:53 AM

Ok, I have a form with a textarea that passes its value to a PHP form processor it takes it and inserts it inside a <DIV> like so:

<div id="w.e.">
the inserted stuff, <sdfsdf>
</div>

Then the data is printed onto the page, whenever you type "s into said box it automatically makes them \" that is not correct HTML so clearly it needs fixed. I can't figure out how to stop it though, I tried:

$div_content=str_replace('"',""",$div_content);

and a few others (like manually replacing the " with \" with the str_replace(). Any ideas as to how to make it stop?

Thanks,
Tim

jackbenimble4

02-09-2008, 02:29 PM

This sounds like your host has 'Magic Quotes' enabled. This escapes all input into PHP scripts. This feature is frowned upon and is actually being removed in PHP 6. It causes more trouble than it's worth. The best solution here would be to turn off Magic Quotes. If you have access to the php.ini file on your host, turning these directives to off will disable it:

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

That is straight from the PHP manual (http://us.php.net/manual/en/security.magicquotes.disabling.php)

If you don't have access to the php.ini, this snippet from the php manual will reverse it's effects:

<?php
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);

return $value;
}

$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
?>

Also, here are some related functions for your reference:

get_magic_quotes_gpc() (http://us2.php.net/get_magic_quotes_gpc) will return 0 if magic quotes is off and 1 if magic quotes is on.

stripslashes() (http://www.php.net/stripslashes) will remove the slashes from a string.

htmlentities() (http://www.php.net/htmlentities) will convert the text into their html equivalents.