Ultra Posted June 19, 2009 Report Share Posted June 19, 2009 My site has a place where users can post comments. For some reason, whenever someone posts a single quote ['], it puts a forward slash in front of the quote. I was wondering if there was a way to get around that, like a str_ireplace(); function. I tried it, and you can't do it like this: $Comment = str_ireplace("\'", "'", $Comment); Now, due to the forum style, it makes it hard to see what I posted. With spaces: $Comment = str_ireplace(" \' ", " ' ", $Comment); Quote Link to comment Share on other sites More sharing options...
MacRankin Posted June 20, 2009 Report Share Posted June 20, 2009 (edited) Hm, I read something recently about the 'Magic Quote', or some such thing that used to be enabled in earlier versions of php. Not sure if this has anything to do with your problem though? I had a look a whiles back to make sure it wasn't enabled on my version of php, and though it isn't, I have no idea how you would go about disabling this feature, other than messing about in Terminal -- the Mac's command line app. Having said that, I did come across this a few hours ago in another very good book on php... $name = stripslashes($_REQUEST['name']); Maybe someone else knows more of this? ...Typical, I've just re-read that passage, and it's only for back slashes, so it couldn't possibly have anything to do with your problem. Silly me. Edited June 20, 2009 by MacRankin Quote Link to comment Share on other sites More sharing options...
Ultra Posted June 21, 2009 Author Report Share Posted June 21, 2009 Maybe.. Think not allowing forward slashes would get rid of them? I'm not sure exactly what that is, but it would not allow certain characters to be posted. I'll look up on Google and see if that works. Quote Link to comment Share on other sites More sharing options...
jlhaslip Posted June 21, 2009 Report Share Posted June 21, 2009 // Create a function for escaping the data. function escape_data ($data) { // Address Magic Quotes. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } // Return the escaped value. return $data; } // End of function. Quote Link to comment Share on other sites More sharing options...
Ultra Posted June 21, 2009 Author Report Share Posted June 21, 2009 Mmkay. What exactly does that do? Only allow A-Z 0-1 and stuff? And should I switch the '$data' with what I use as the variable for the posts? Quote Link to comment Share on other sites More sharing options...
jlhaslip Posted June 21, 2009 Report Share Posted June 21, 2009 Receive the data as POST array elements, ie: $_POST['name']. Clean the data like so: $clean_data = escape_data($_POST['name']); Then, echo the $clean_data. The function should remove the slashes only if the magic_quotes_gpc is active, so you use it to allow your script to function the same whether the magic_quotes is on or off. Quote Link to comment Share on other sites More sharing options...
Ultra Posted June 22, 2009 Author Report Share Posted June 22, 2009 Cool, thanks. =] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.