Baffled by PHP escaping of double-quotes in HTML forms
I have a simple PHP script I use to front-end an SQLite database. It's nothing fancy or complex. But I have noticed from looking at the records in the database that anything I enter in a form-field with dou开发者_如何学JAVAble-quotes comes across in the form-processing as though I'd escaped the quotes with a backslash. So when I entered a record with the title:
British Light Utility Car 10HP "Tilly"
what shows up in the database is:
British Light Utility Car 10HP \"Tilly\"
I don't know where these are coming from, and what's worse, even using the following preg_replace doesn't seem to remove them:
$name = preg_replace('/\\"/', '"', $_REQUEST['kits_name']);
If I dump out $name
, it still bears the unwanted \
characters.
You have most probably magic_quotes_gpc
set to on
in php.ini
. If you want to avoid that and use your own regex, make a check like this:
if (get_magic_quotes_gpc())
{
$mytext = stripslashes($your_text);
}
// and your further code....
This means your server has magic_quotes_gpc enabled.
You can use ini_set() to disable this setting, or you can create a method to filter the $_REQUEST values()
function getRequest($key)
{
$val = $_REQUEST[$key];
if(get_magic_quotes_gpc() == 1) {
$val = stripslashes($val);
}
return $val;
}
echo getRequest('kits_name');
Is it possible magic quotes are enabled on the server?
You probably have magic quotes turned on.
You should disable these as it's bad practice and is deprecated.
View this doc to learn how to disable them.
Well because of lack of good answers.
As they said above, it is because magic quotes on.
You have to get rid of these slashes before inserting your data.
So, to get rid of it you can use either .htaccess
(if any) with these settings
php_flag magic_quotes_gpc 0
php_flag magic_quotes_runtime 0
or make it manually, with code like this
if ( get_magic_quotes_gpc( ) ) {
$_GET = array_map_recursive('stripslashes', $_GET) ;
$_POST = array_map_recursive('stripslashes', $_POST) ;
$_COOKIE = array_map_recursive('stripslashes', $_COOKIE) ;
$_REQUEST = array_map_recursive('stripslashes', $_REQUEST) ;
if (isset($_SERVER['PHP_AUTH_USER'])) stripslashes($_SERVER['PHP_AUTH_USER']);
if (isset($_SERVER['PHP_AUTH_PW'])) stripslashes($_SERVER['PHP_AUTH_PW']);
}
if your php version doesn't support array_map_recursive function, you can use a recursive function like this one
function strips(&$el) {
if (is_array($el))
foreach($el as $k=>$v)
strips($el[$k]);
else $el = stripslashes($el);
}
or write your own one You can use this code co cleanse your existing data
As for
If I dump out $name, it still bears the unwanted \ characters.
it may be result of wrong use htmlspecialchars
function
精彩评论