' and " are obtained as \' and \"

So, I have a field in which you can enter text. After entering it, you click "OK", and it sends an ajax call to save.php, which inserts it into the database (with PHP) and then outputs what you entered. The ajax call's success handler then captures the output and alerts it ( success: function(msg){ alert(msg) } ). The response is in HTML.

It works well until I use ' or " in the field. For example, if I write 'asdadsasd" it comes out as \'asdadsasd\". How can I fix this?

I don't know if that matters, but in the save.php file I have:

    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    header('Content-type: text/html; charset=utf-8');

And displays the message as follows:

 echo htmlspecialchars(strip_tags($message), ENT_QUOTES, 'utf-8'); 
+4
4 answers

This is because of the ENT_QUOTES option; I will let you check: http://php.net/manual/en/function.htmlentities.php

EDIT: I forgot the slashes, are magic_quotes activated?

+1

Most likely, this is because of PHP's extremely annoying magic quotes. Magic quotes automatically insert slashes before single and double quotes in the input provided by the user agent (i.e., $_GET, $_POST and $_COOKIE, or "GPC") in an unspecified attempt to provide some security for those unaware of the dangers of unauthorized user input.

Of course, you should always check the magic quotes using get_magic_quotes_gpc before trying to use any GPC data. If it is on, just call stripslashes on your input before using it.

I use something similar to this at the beginning of any script I write:

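    // Recursively strip the slashes that magic quotes added.
    function cleanInput($input) {
        if (is_array($input)) {
            foreach ($input as &$value) {
                $value = cleanInput($value);
            }
            unset($value); // break the reference left behind by foreach
            return $input;
        } else {
            return stripslashes($input);
        }
    }

    // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $_GET = cleanInput($_GET);
        $_POST = cleanInput($_POST);
        $_COOKIE = cleanInput($_COOKIE);
        $_REQUEST = cleanInput($_REQUEST);
    }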
+2
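The save-then-echo flow from the question, written so that it does not depend on slash-escaping at all: the text is stored as typed through a bound parameter and encoded only when it is written into the HTML response. This is an added example, not code from the question or from any answer; the `messages` table, the function names, the `$_POST['message']` field name and the in-memory SQLite database are assumptions, and it needs the pdo_sqlite extension.

```php
<?php
// Added example; table and function names are hypothetical.

// Undo magic-quotes escaping only if the runtime really applied it.
// On PHP 8 the function is gone and input always arrives unmodified.
function rawInput(string $value): string
{
    $active = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $active ? stripslashes($value) : $value;
}

// Store the text exactly as typed. The bound parameter keeps quotes out
// of the SQL statement, so no slash-escaping is involved.
function saveMessage(PDO $db, string $message): int
{
    $stmt = $db->prepare('INSERT INTO messages (body) VALUES (:body)');
    $stmt->execute([':body' => $message]);
    return (int) $db->lastInsertId();
}

function loadMessage(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Encode once, at output time, for the HTML response.
function toHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed inputs standing in for $_POST['message'].
$samples = ['\'asdadsasd"', 'O\'Reilly said "hi" <b>'];
foreach ($samples as $typed) {
    $id = saveMessage($db, rawInput($typed));
    $stored = loadMessage($db, $id);
    echo 'stored: ', $stored, PHP_EOL;          // same bytes as typed
    echo 'html:   ', toHtml($stored), PHP_EOL;  // quotes and < become entities
}
```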

Try calling stripslashes on it. I think it adds slashes when it is sent via ajax.

+1

use stripslashes

+1
