Solved

php strip apostrophes

Posted on 2006-11-15
8
1,259 Views
Last Modified: 2009-12-16
Is there a way to put something above a file to strip '  from all forms and then be able to use the HTTP_POST_VARS later on?
0
Comment
Question by:jackjohnson44
  • 5
  • 2
8 Comments
 
LVL 19

Expert Comment

by:VoteyDisciple
Comment Utility
Yes, but I strongly suspect there's a more direct way of solving the problem you're facing.  What IS the original problem you're facing?

Meanwhile, this will do what you've asked:

function inexplicably_remove_single_quotes(/* string */ $s) {
    return str_replace("'", '', $s);
}

$_POST = array_map($_POST, $s);

(Though I've here used the more up-to-date $_POST you could do the same thing with $HTTP_POST_VARS if necessary.)
0
 
LVL 19

Expert Comment

by:VoteyDisciple
Comment Utility
Heh, no that won't; that won't do anything at all.  THIS would do it:

$_POST = array_map($_POST, 'inexplicably-remove_single_quotes');
0
 

Expert Comment

by:choosebooks
Comment Utility
Are you familiar with addslashes()?  This will escape all your quotes.  
0
 
LVL 19

Expert Comment

by:VoteyDisciple
Comment Utility
Well, the way to handle quotes depends on where they're going.  If into a MySQL database then mysql_real_escape_string() would be more appropriate.  If into an HTML page then htmlentities() would be more appropriate.  addslashes() is a generic way of escaping, but often isn't the right way.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:jackjohnson44
Comment Utility
I am posting the page back to itself, and the form repopulates.
If it posts back and it has a quote, it will keep putting slashes in the text box.
I totally want to turn them off and if I need them I can add them myself.
Is there a way to turn it off?
0
 
LVL 19

Expert Comment

by:VoteyDisciple
Comment Utility
Yes, it's an option in php.ini -- see http://www.php.net/manual/en/security.magicquotes.disabling.php

If you're on a server where you can't control php.ini, the code I posted is a workaround: it just takes the slashes back out after PHP adds them.  It's annoying, yes, but once you've done it the effect is as though PHP never poked its head into it in the first place.
0
 

Author Comment

by:jackjohnson44
Comment Utility
Is this what you are talking about?
$_POST = array_map($_POST, 'inexplicably-remove_single_quotes');

Can I just put it in an include file?

What does this mean: inexplicably-remove_single_quotes

Does this do anything to: HTTP_POST_VARS?

This is what I want to change.

0
 
LVL 19

Accepted Solution

by:
VoteyDisciple earned 500 total points
Comment Utility
Wait, wait, that's not quite right: you don't want to remove QUOTES, you want (and this sounds like a much more reasonable plan to me) to just remove ESCAPING of quotes.

For that just use stripslashes().

$HTTP_POST_VARS = array_map($HTTP_POST_VARS, 'stripslashes');


The inexplicably_remove_single_quotes (see my first comment for the definition of that function) actually removed the QUOTES, which is what you first asked.  To just undo the escaping all you need is the built-in stripslashes function.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
MYSQL simple update statement 3 32
Adding Extra Information box 4 23
Creating a slider 12 32
Editing login page in zencart. 2 13
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now