CODEWITHSUNDEEP
phpurlencodeurldecode
Hulk
Hulk

Reputation: 34200

PHP urlencode and decode

All,

There is a text area say 

 <input type="submit">

And if a user gives the input as,

 here is my name  and my mail id is "[email protected]"

And when the data is posted on the server side the data is received as here is my name and my mail id is \"[email protected]\"

Backslash is added behind double quotes.Now how to encode the the data before submitting.I am using php on the server side..

Thanks.

Upvotes: 2

Views: 3347

Answers (5)

Richard Knop
Richard Knop

Reputation: 83745

You can get rid of magic quotes also in PHP if your web hosting provider doesn't allow you to disable it in php.ini file. Put this code on top of your PHP script:

    if (get_magic_quotes_gpc()) {
        function stripslashes_deep($value) {
            $value = is_array($value) ?
                     array_map('stripslashes_deep', $value) :
                     stripslashes($value);
            return $value;
        }

        $_POST = array_map('stripslashes_deep', $_POST);
        $_GET = array_map('stripslashes_deep', $_GET);
        $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
        $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
    }

Upvotes: 2

Josef S&#225;bl
Josef S&#225;bl

Reputation: 7752

You probably have magic quotes enabled on your system. This is not a good thing.

Upvotes: 1

Pascal MARTIN
Pascal MARTIN

Reputation: 401172

It looks like the directive magic_quote_gpc is enabled on your server :

When magic_quotes are on, all ' (single-quote), " (double quote),
(backslash) and NUL's are escaped with a backslash automatically.


A solution, if you can't disable it in your server's configuration, would be to :
  • detect if this is enabled
  • if yes, remove the escaping from the input, using stripslashes

About that, you can read the section Disabling Magic Quotes.


Of course, you'll have to escape your data properly before using it ; for instance, before injecting it into an SQL query.

Upvotes: 2

Qwerty
Qwerty

Reputation: 1742

Disable magic_quotes in php.ini or use stripslashes($text) in PHP to remove slashes.

Upvotes: 1

roman
roman

Reputation: 11278

this is magic_quotes_gpc kicking in - to remove it just disable it in php.ini or remove it using stripslashes($your_var);

though bear in mind that this is a (lousy) security feature of php, but when storing the data to a database you should use the respective escape functions to prevent sql injections anyway and when showing user-posted data your sanitizing function should prevent xss injections.

Upvotes: 3

Related Questions