stripslashes() or addslashes() or magic_quotes_gpc

**Medyman** · 12-10-2007, 05:47 PM

Hi guys...

Ok, so here's the problem.

I'm using TinyMCE (http://tinymce.moxiecode.com/) in a backend CMS application. I'm then uploading this content into a MySQL database.

The problem is whenever someone types something with an apostrophe, it doesn't upload correctly to the DB. Of course, the apostrophe needs to be escaped.

Is there a way to do this automatically, using stripslashes() or addslashes() for example.

How would I go about implementing that?

**boogyman** · 12-10-2007, 06:14 PM

PHP Code:


$tring = str_replace("'", "\'",$tring);

**Master_script_maker** · 12-10-2007, 10:24 PM

i would use what you first said because it is for esaping characters (' " \ and NULL):

Code:

$string = addslashes($upload);

**thetestingsite** · 12-10-2007, 10:39 PM

Or another thing you could use is addcslashes and stripcslashes.

Hope this helps.

**Medyman** · 12-13-2007, 04:58 AM

how would i add that to my code?

say, i have something like this:

PHP Code:


$summary = $_POST['summary'];

how do i add the addslashes() or whatever else you suggest to it?

or should i add a secondary step, such as below?

PHP Code:


$s = $_POST['summary'];

$summary= addslashes($s);

**Twey** · 12-13-2007, 05:06 AM

If you're using it in an SQL query you should be using mysql_real_escape_string(). An ORM like Propel will also take care of this for you.

Thread: stripslashes() or addslashes() or magic_quotes_gpc

Thread Tools

Search Thread

stripslashes() or addslashes() or magic_quotes_gpc

Bookmarks

Bookmarks

Posting Permissions