How can I prevent \ from being added from the form input?

Question

The html form accepts textarea input, and I am using $_POST value to put the input value to textarea when I am displaying it. For example.

<html>
<?php if($_POST['input'){
<form method="post" action="<?=$PHP_SELF?>">
<textarea name="input" cols="60" rows="20"><?=$_POST['input']?></textarea>
<input type="submit" value="Test it">
</form>
<?php
} else {
?>
Please copy in a text of your choice
<br /><br />
<form method="post" action="<?=$PHP_SELF?>">
<textarea name="input" cols="60" rows="20"></textarea>
<input type="submit" value="Test it">
</form>
</html>

Everything works fine except that backslash '\' is added to every single quote, and double quotes. How can I set some setting to prevent backslash from being added?

Answer 1

After a long search I solved this problem like this:

In your page where you want to display the textarea content, just add this

< ? php echo stripslashes($shortcode_name) ? > 

Of course you need to replace $shortcode_name with your shortcode. That is all. SOLVED

Answer 2

You can also use stripslashes.

<textarea name="input" cols="60" rows="20"><?php echo stripslashes($_POST['input']); ?></textarea>

Answer 3

Disable magic quotes - see http://php.net/manual/en/security.magicquotes.php - if you're on shared hosting and your hoster is stupid and doesn't want to / let you change it (see that page for why it is stupid), use stripslashes() on every value you get out ouf the $_GET, $_POST, $_COOKIE arrays.

On a side note, don't echo input values back (that includes PHP_SELF) into the HTML output without sending them through htmlspecialchars(), or you have security issues. See http://en.wikipedia.org/wiki/Cross-site_scripting for more information.