Why does the following place a \ into the text

[Feckie]

Why does the following place a \ into the text. ie: (You\'re)

Code:

<?php
$con = mysql_connect("localhost","music","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("music", $con);
$Title=mysql_real_escape_string($_POST['Title']);
$Artist=mysql_real_escape_string($_POST['Artist']);
$Download=mysql_real_escape_string($_POST['Download']);
$Year=mysql_real_escape_string($_POST['Year']);
$sql="INSERT INTO Songs (Title,Artist,Download,Year) VALUES ('$Title','$Artist','$Download','$Year')";
if (!mysql_query($sql,$con)) {
 die('Error: ' . mysql_error());
}
echo "Music successfully added to your database....";
echo "<img src=arrow.gif>";
mysql_close($con);
?>

The Page Code

Code:

<html>
    <head>
        <title>Search Years</title>
    </head>
    <body  bgcolor="#EDD7F1" text="#733582" link="#733582" vlink="purple" alink="red"topmargin="0" leftmargin="10">
<center>        <form action="Years_Search.php" method="post">
            Search Years <input type="text" name="searchterm">
            <input type="submit" value="Search">
        </form></center>
    </body>
</html><?php

$searchterm = $_POST['searchterm'];
trim ($searchterm);

if (!$searchterm){
    echo 'Please enter a search term.';
}
/*add slashes to search term*/
if (!get_magic_quotes_gpc())
{
$searchterm = addslashes($searchterm);
}

@ $dbconn = new mysqli('localhost', 'music', 'pass', 'user');
if (mysqli_connect_errno())
{
echo 'Error: Could not connect to database.  Please try again later.';
exit;
}

$query = "select * from `Songs` where `Year` like '%".$searchterm."%'";
$result = $dbconn->query($query);
/*number of rows found*/
$num_results = $result->num_rows;

echo '<p>Found: '.$num_results.'</p>';
/*loops through results*/
for ($i=0; $i <$num_results; $i++)
{
$num_found = $i + 1;
$row = $result->fetch_assoc();








  echo  "<b>{$row['Year']} - {$row['Artist']} - {$row['Title']} - <a href=http://somewhere/music_download.php?f={$row['Download']}>Download</a> - <object type=\"application/x-shockwave-flash\" data=\"http://somewhere/player.swf\" width=\"180\" height=\"20\" id=\"audioplayer1\"><param name=\"movie\" value=\"http://somewhere/player.swf\" /><param name=\"FlashVars\" value=\"playerID=1&amp;bg=0xf8f8f8&amp;leftbg=0x8297cc&amp;lefticon=0xffffff&amp;rightbg=0xe09e7b&amp;rightbghover=0xb35884&amp;righticon=0xffffff&amp;righticonhover=0xffffff&amp;text=0x666666&amp;slider=0x666666&amp;track=0xFFFFFF&amp;border=0x666666&amp;loader=0x9FFFB8&amp;soundFile=http://somewhere/Files/{$row['Download']}\" /><param name=\"quality\" value=\"high\" /><param name=\"menu\" value=\"true\" /><param name=\"bgcolor\" value=\"#EDD7F1\" /></object></b>";
  echo "</br>";



}


$result->free();
$dbconn->close();
?>

Any help would be appreciated........

[djr33]

This line? $searchterm = addslashes($searchterm);

If not, be more specific-- what 'text' exactly?

[Feckie]

This line? $searchterm = addslashes($searchterm);

I have tried without and still does it...

If not, be more specific-- what 'text' exactly?

You\'re it places \ in front of '


I know that that is the way it inserts it into the database, but I am trying to delete it when pulled onto page

[forum_amnesiac]

Before you put the value onto the page have you tried using the stripslashes() function on it.

[Feckie]

Before you put the value onto the page have you tried using the stripslashes() function on it.

How do I do that !!!!

[forum_amnesiac]

You could for example do this

PHP Code:

$year=stripslashes($row['Year']);
$artist=stripslashes($row['Artist']); 
$title=stripslashes($row['Title']); 

  echo  "<b>{$year} - {$artist} - {$title} - <a href=http://somewhere/music_download.php?f={$row['Download']}>Download</a> - <object type=\"application/x-shockwave-flash\" data=\"http://somewhere/player.swf\" width=\"180\" height=\"20\" id=\"audioplayer1\"><param name=\"movie\" value=\"http://somewhere/player.swf\" /><param name=\"FlashVars\" value=\"playerID=1&amp;bg=0xf8f8f8&amp;leftbg=0x8297cc&amp;lefticon=0xffffff&amp;rightbg=0xe09e7b&amp;rightbghover=0xb35884&amp;righticon=0xffffff&amp;righticonhover=0xffffff&amp;text=0x666666&amp;slider=0x666666&amp;track=0xFFFFFF&amp;border=0x666666&amp;loader=0x9FFFB8&amp;soundFile=http://somewhere/Files/{$row['Download']}\" /><param name=\"quality\" value=\"high\" /><param name=\"menu\" value=\"true\" /><param name=\"bgcolor\" value=\"#EDD7F1\" /></object></b>"; 


Do this for any fields that you think could have the / inserted into the text

[Feckie]

You could for example do this

PHP Code:

$year=stripslashes($row['Year']);
$artist=stripslashes($row['Artist']); 
$title=stripslashes($row['Title']); 

  echo  "<b>{$year} - {$artist} - {$title} - <a href=http://somewhere/music_download.php?f={$row['Download']}>Download</a> - <object type=\"application/x-shockwave-flash\" data=\"http://somewhere/player.swf\" width=\"180\" height=\"20\" id=\"audioplayer1\"><param name=\"movie\" value=\"http://somewhere/player.swf\" /><param name=\"FlashVars\" value=\"playerID=1&amp;bg=0xf8f8f8&amp;leftbg=0x8297cc&amp;lefticon=0xffffff&amp;rightbg=0xe09e7b&amp;rightbghover=0xb35884&amp;righticon=0xffffff&amp;righticonhover=0xffffff&amp;text=0x666666&amp;slider=0x666666&amp;track=0xFFFFFF&amp;border=0x666666&amp;loader=0x9FFFB8&amp;soundFile=http://somewhere/Files/{$row['Download']}\" /><param name=\"quality\" value=\"high\" /><param name=\"menu\" value=\"true\" /><param name=\"bgcolor\" value=\"#EDD7F1\" /></object></b>"; 


Do this for any fields that you think could have the / inserted into the text

Nope that just shows

Code:

 -  -  -

[Feckie]

Result

The below works

Code:

$year=stripslashes($row['Year']);
$artist=stripslashes($row['Artist']);
$title=stripslashes($row['Title']);

  echo  "<b>$year - $artist - $title -

Many Thanks