• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1282
  • Last Modified:

php strip apostrophes

Is there a way to put something above a file to strip '  from all forms and then be able to use the HTTP_POST_VARS later on?
0
jackjohnson44
Asked:
jackjohnson44
  • 5
  • 2
1 Solution
 
VoteyDiscipleCommented:
Yes, but I strongly suspect there's a more direct way of solving the problem you're facing.  What IS the original problem you're facing?

Meanwhile, this will do what you've asked:

function inexplicably_remove_single_quotes(/* string */ $s) {
    return str_replace("'", '', $s);
}

$_POST = array_map($_POST, $s);

(Though I've here used the more up-to-date $_POST you could do the same thing with $HTTP_POST_VARS if necessary.)
0
 
VoteyDiscipleCommented:
Heh, no that won't; that won't do anything at all.  THIS would do it:

$_POST = array_map($_POST, 'inexplicably-remove_single_quotes');
0
 
choosebooksCommented:
Are you familiar with addslashes()?  This will escape all your quotes.  
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
VoteyDiscipleCommented:
Well, the way to handle quotes depends on where they're going.  If into a MySQL database then mysql_real_escape_string() would be more appropriate.  If into an HTML page then htmlentities() would be more appropriate.  addslashes() is a generic way of escaping, but often isn't the right way.
0
 
jackjohnson44Author Commented:
I am posting the page back to itself, and the form repopulates.
If it posts back and it has a quote, it will keep putting slashes in the text box.
I totally want to turn them off and if I need them I can add them myself.
Is there a way to turn it off?
0
 
VoteyDiscipleCommented:
Yes, it's an option in php.ini -- see http://www.php.net/manual/en/security.magicquotes.disabling.php

If you're on a server where you can't control php.ini, the code I posted is a workaround: it just takes the slashes back out after PHP adds them.  It's annoying, yes, but once you've done it the effect is as though PHP never poked its head into it in the first place.
0
 
jackjohnson44Author Commented:
Is this what you are talking about?
$_POST = array_map($_POST, 'inexplicably-remove_single_quotes');

Can I just put it in an include file?

What does this mean: inexplicably-remove_single_quotes

Does this do anything to: HTTP_POST_VARS?

This is what I want to change.

0
 
VoteyDiscipleCommented:
Wait, wait, that's not quite right: you don't want to remove QUOTES, you want (and this sounds like a much more reasonable plan to me) to just remove ESCAPING of quotes.

For that just use stripslashes().

$HTTP_POST_VARS = array_map($HTTP_POST_VARS, 'stripslashes');


The inexplicably_remove_single_quotes (see my first comment for the definition of that function) actually removed the QUOTES, which is what you first asked.  To just undo the escaping all you need is the built-in stripslashes function.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now