tags:

views:

26

answers:

2
Q: 

HTML Forms - removing slashes safely

I'm using a web form to store user input into a MySQL DB, using $_POST.

I have noticed that once textarea fields area read, slashes are inserted automatically to escape some characters.

As I need to manipulate text before storing, I thought about using stripslashes, however I have discovered that it may garbage text, if Japanese or other asiatic character sets are used.

Is there a proper way to do the job (remove slashes) safely?

+2  A: 

Turn off magic quotes in your PHP settings. The feature is deprecated anyway.

David Dorward  2010-10-08 11:31:53
I have checked out php.ini, it looks like magic quotes is disabled:<code>; Magic quotes;; Magic quotes for incoming GET/POST/Cookie data.magic_quotes_gpc = Off; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.magic_quotes_runtime = Off; Use Sybase-style magic quotes (escape ' with '' instead of \').magic_quotes_sybase = Off</code>
Riccardo  2010-10-08 13:59:46
Yea, that's the default settings in PHP5.3, because as said magic quotes are deprecated. In this case you SHOULDN'T use stripslashes on the string! stipslashes is only necessary if magic quotes are enabled and that's actually what I've posted in my anwser. If magic quotes are on, stripslashes will be used, if not they won't. If for any reason you have to port your code to a server where magic quotes are enabled and you can't or aren't allowed to disable them (i.e. cause they disturb other scripts) than my solution will still work, while the above one won't.
Tseng  2010-10-08 17:34:51
+1  A: 

If you don't want to disable magic quotes (even though they won't be working anymore in PHP 6.0 as they were deprecated in 5.3), you can use this code

$txt = $_POST['txt'];
if(get_magic_quotes_gpc())
    $txt = stripslashes($txt);

this way stripslashes would only be enabled when your PHP module has magic quotes enabled or ignore it otherwise

Tseng  2010-10-08 12:07:59
As I wrote, stripslashes seems dangerous for some asian-encoded languages, like Japanese....
Riccardo  2010-10-08 13:41:17

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?