views:

82

answers:

4

So, when I save the data into database, PHP will add a \ on single or double quote. That's is good.

However, when data passing back to client using json_encode(); TEXT like McDonald's is STORED as McDonald's in DB but once pass back from PHP to js, it will be encoded as McDonald\'s

Since I'm using jQuery, is there any plugin easily do that? or any function should I use to strip the slashes correctly? obviously, if there is case like \\s , the function should return as \s . :)

Sorry guys. I think I make my question more complicate. HOw about I make it simpler..

If I have a javascript avariable:

var abc = "McDonald\'s";
var bcd = "I need a slash \\ ";
var cde = "save the double quote \"";

how can I strip the \' ? what the regex I should use?

+1  A: 

Yes. http://phpjs.org/functions/stripslashes:537

Jason
I read that already. but it is so messy that other people's comment provide different things and saying it doesn't work in IE...
seatoskyhk
That one doesn't work. .return error... unmatched ) in regular expression
seatoskyhk
+7  A: 

It's actually highly discouraged to use this "magic quotes" feature that inserts slashes. In general, you never want to store data in the database in an escaped format; you want to do the escaping and encoding in the output.

Domenic
Actually, I just check the DB, the magic quote is off. It will store McDonald's in DB. HOWEVER, the data generated from json_encode will attach the \'. That has to like that when getting back to JSON. BUT how can I remove the strip in JS?
seatoskyhk
@Domenic That's not *quite* correct; you want to escape data where it leaves the application in a way appropriate to where it's going. That is, you escape it for SQL generation in a way that doesn't store it escaped.
staticsan
@seatoskyhk, as @alex explains in his answer, use a JSON parser in JavaScript.
Domenic
+4  A: 

I would take care of the main problem - magic_quotes is enabled.

I would disable it and use proper escaping methods with your database.

Then you don't have to worry about PHP magically adding slashes.

If you are talking about slashes when using json_encode(), it does that for a reason.

Use a JSON parser in JavaScript and you won't see them (unless something else is improperly encoding them).

alex
For the JSON part, that exactly I need to figure out.. I don't want to have \' when I extract the data.
seatoskyhk
+1  A: 

Use: http://au.php.net/manual/en/function.mysql-real-escape-string.php before storing into database.

Use a custom function like this before writing onto any user interface:

function unescape($string)
{

$search = array("\\x00", "\\n", "\\r", "\\\x1a");

$replace = array("\x00","\n", "\r", "\x1a");

$retString = str_replace($search, $replace, $string);

$search = array("\'", '\\'.'"');

$replace = array(  "'", '"',);

$retString = str_replace($search, $replace, $retString);

$search = array("\\\\");

$replace = array( "\\");

$retString = str_replace($search, $replace, $retString);

return $retString

}
deepsat
That is one ugly function...
alex
yes it is! just an idea!
deepsat
Better than mine.. lol i have a new function that have \\\\\\\\\\\\\\\\
seatoskyhk