All,

There is a text area say

 <input type="submit">

And if a user gives the input as,

 here is my name  and my mail id is "[email protected]" 

And when the data is posted on the server side the data is received as here is my name and my mail id is \"[email protected]\"

Backslash is added behind double quotes. Now how to encode the data before submitting? I am using PHP on the server side.

Thanks.

+2  A: 

This is magic_quotes_gpc kicking in - to remove it just disable it in php.ini or remove it using stripslashes($your_var);

Though bear in mind that this is a (lousy) security feature of PHP, but when storing the data to a database you should use the respective escape functions to prevent SQL injections anyway, and when showing user-posted data your sanitizing function should prevent XSS injections.

roman
Thanks.
Hulk
+1  A: 

Disable magic_quotes in php.ini or use stripslashes($text) in PHP to remove slashes.

Qwerty
+1  A: 

It looks like the directive magic_quotes_gpc is enabled on your server:

When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.


A solution, if you can't disable it in your server's configuration, would be to:

  • detect if this is enabled
  • if yes, remove the escaping from the input, using stripslashes

About that, you can read the section Disabling Magic Quotes.


Of course, you'll have to escape your data properly before using it; for instance, before injecting it into an SQL query.

Pascal MARTIN
Thanks.
Hulk
+1  A: 

You probably have magic quotes enabled on your system. This is not a good thing.

Josef Sábl
A: 

You can get rid of magic quotes also in PHP if your web hosting provider doesn't allow you to disable it in php.ini file. Put this code on top of your PHP script:

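    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // in PHP 8.0, so check that the function exists before calling it.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        // Recursively strip the added backslashes from strings and nested arrays.
        function stripslashes_deep($value) {
            $value = is_array($value) ?
                     array_map('stripslashes_deep', $value) :
                     stripslashes($value);
            return $value;
        }

        // Undo the automatic escaping on every request superglobal.
        $_POST = array_map('stripslashes_deep', $_POST);
        $_GET = array_map('stripslashes_deep', $_GET);
        $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
        $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
    }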
Richard Knop
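
The answers above say to strip the magic-quotes backslashes and then escape for each context where the data is used. The following is an added example, not code from any of the posts, showing that sequence end to end: a bound parameter for the SQL context and htmlspecialchars for the HTML context. It assumes the pdo_sqlite extension; the comments table, the function names and the sample input are constructed for illustration.

```php
<?php
// Added example; table name, function names and sample input are constructed.

// Store the raw text with a bound parameter; the driver keeps data apart from SQL.
function store_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

// Read the stored text back unchanged.
function load_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Encode for an HTML text context only at output time.
function render_comment(string $body): string
{
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// What the script receives when magic_quotes_gpc has escaped the form field.
$received = 'my mail id is \\"user@example.com\\" and I\\\'m <b>here</b>';
$raw = stripslashes($received);   // back to what the user actually typed

$id = store_comment($db, $raw);
$stored = load_comment($db, $id);

var_dump($stored === $raw);       // compare stored text with the user's input
echo render_comment($stored), "\n";
```

The database holds the text exactly as typed, with no stray backslashes, and the quotes and markup are only encoded when the value is written into the page.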