Link to home
Start Free TrialLog in
Avatar of bmh777
bmh777

asked on

stripslashes( ) and double quotes

Using this code:

reset($_POST);
while(list($key,$val) = each($_POST)){
  if(is_string($val))
    $_POST[$key] = stripslashes($val);
}

double quotes are always removed from my text box entries.  So:

e"

becomes

e

after a POST. Why is that happening? (single quotes and backslashes are fine)

bmh
Avatar of bobsledbob
bobsledbob

Double quotes are special and usually get converted to %22 by your browser.  (This is similar to spaces getting converted to %20).  Is this why you're experiencing problems?

if you could do something like this, you'd see what's in your $_POST array:

  echo "<pre>\n";
  print_r($_POST);
  echo "</pre>\n";

Also, it never hurts to have:

  error_reporting(E_ALL);

in your script while you're debugging.

Adam
Avatar of bmh777
bmh777

ASKER

I'm using:

reset($_POST);
echo "<br><pre>POST Superglobal Array<br>";
var_dump($_POST);
echo "</pre>";

to see what's in the array. Every thing is fine in the array. The form entry:

e"

is stored in the POST array as

e"

but is displayed as

e

This happens in both IE 6 and NN 6.

I think I do have error_reporting set to E_ALL. How do I check?

bmh
Avatar of bobsledbob
bobsledbob

What's the code that you're using to display e" ??

I'm thinking you've got a problem where you're echoing your post output into an html tag that doesn't like quotes.  You should probably try to display e" first by running it through the htmlentities() function:

echo htmlentities($_POST[$key], ENT_QUOTES);

Ie. I'm guessing you have code like this, right?

echo "<option value=\"" . $_POST[$key] . "\">" . $_POST[$key] . "</option>\n";

If so, then the HTML produced from your e" example will be:

<option value="e"">e"</option>

or some such nonsense.

the point is, you'll want it to look like this:

<option value="e&quot;">e&quot;</option>

which the htmlentities function will do for you.

Post the code which you're using to display $_POST[$key] with as well as your resulting HTML (view the source to see).  Using NN6+, the source will be colorized so that you can see your html errors better.

I think you can just do this to see which error reporting level you're at:

echo error_reporting();  // ie call the function without an argument.  however, i'm just guessing here.

however, you can set error_reporting(E_ALL); at any time which will guarentee you're seeing all of the error messages coming from your script.

Avatar of bmh777
bmh777

ASKER

reset($_POST);
while(list($key,$val) = each($_POST)){
  if(is_string($val))
    $_POST[$key] = stripslashes($val);
}

extract($_POST);

<tr>
  <td height="15" bgcolor="#F0F8FF"></td>
  <td height="15" colspan="3" valign="top" bgcolor="#F8F0D8">
    <input type="text" name="first_name" value="$first_name">
    <input type="text" name="middle_name" value="$middle_name" > 
    <input type="text" name="last_name" value="$last_name"></td>
</tr>

I'm using var_dump($_POST) for debugging only. So the echo isn't the problem. I enter "e"",  click submit, and "e" is re-POSTed to the text box. As I said this is baffling because "e'" and "e/" are returned correctly.

php.ini settings
------------------
magic_quotes_gpc=On
magic_quotes_runtime=Off
magic_quotes_sybase=Off
ASKER CERTIFIED SOLUTION
Avatar of bobsledbob
bobsledbob
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial