testing

Reputation: 20279

Escaped characters in string from submitted form

Every time a POST is made I get escaped characters.

\ -> \\
' -> \'
" -> \"

I have a multistep form, which transmits the data from one form to another. I save the values with prepared statements in the database. The values in the database currently look like Paul\'s House. Users should have the possibility to use single and double quotes in their strings.

This is a simple example demonstrating the escaping effect:

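<?php
// Print the submitted value, if any, escaped for HTML output.
if (isset($_POST['value'])) {
    echo htmlspecialchars($_POST['value'], ENT_QUOTES, 'UTF-8');
}
?>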
<form action="form.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="value" value="Paul's House">
    <input type="submit" value="Next">
</form>

Why or who escapes the string? What is the correct way for handling data over multiple forms? What is the correct way for saving it in the database? Should I use stripslashes(), or am I opening a big security hole?

Upvotes: 0

Views: 1432

Answers (2)

Duke

Reputation: 36970

You must turn off magic quotes on the server; otherwise you should be very careful about the on/off status of magic quotes.

Upvotes: 0

danielrsmith

Reputation: 4060

Looks like you have Magic Quotes turned on.

http://www.php.net/manual/en/security.magicquotes.disabling.php

Check that out for how to disable.

Upvotes: 2
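
An added example, not part of the original posts: where magic quotes cannot be disabled on the server, the backslashes can be undone once at the input boundary, and only when the setting is actually on, since calling stripslashes() unconditionally would eat backslashes the user really typed. The value is then bound raw to a prepared statement and HTML-escaped only when it is written into the next step's hidden field. The helper names, the table, and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions for illustration.

```php
<?php
// Added example (not from the original posts). Helper names are hypothetical.

// magic_quotes_gpc exists only before PHP 5.4; never call the getter on newer versions.
function magic_quotes_active()
{
    return version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
}

// Undo the added backslashes recursively (form fields can be arrays).
function strip_quotes_deep($value)
{
    if (is_array($value)) {
        return array_map('strip_quotes_deep', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Normalise once, at the input boundary, and only when the server escaped the data.
function clean_request(array $input, $escaped)
{
    return $escaped ? strip_quotes_deep($input) : $input;
}

// Constructed sample: what $_POST holds on a server with magic quotes on.
$post = clean_request(array('value' => "Paul\\'s House"), true);
// In the real script: $post = clean_request($_POST, magic_quotes_active());
$value = isset($post['value']) ? $post['value'] : '';

// Storage: bind the raw value; the prepared statement needs no manual escaping.
// Assumes the pdo_sqlite extension; table and column names are made up.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE places (name TEXT)');
$stmt = $pdo->prepare('INSERT INTO places (name) VALUES (?)');
$stmt->execute(array($value));
$stored = $pdo->query('SELECT name FROM places')->fetchColumn();

// Next form step: escape for the HTML attribute context only when printing.
$attr = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
echo '<input type="hidden" name="value" value="' . $attr . '">' . "\n";
```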
