jackjohnson44
asked on
php strip apostrophes
Is there a way to put something above a file to strip ' from all forms and then be able to use the HTTP_POST_VARS later on?
Heh, no that won't; that won't do anything at all. THIS would do it:
$_POST = array_map($_POST, 'inexplicably-remove_singl e_quotes') ;
$_POST = array_map($_POST, 'inexplicably-remove_singl
Are you familiar with addslashes()? This will escape all your quotes.
Well, the way to handle quotes depends on where they're going. If into a MySQL database then mysql_real_escape_string() would be more appropriate. If into an HTML page then htmlentities() would be more appropriate. addslashes() is a generic way of escaping, but often isn't the right way.
ASKER
I am posting the page back to itself, and the form repopulates.
If it posts back and it has a quote, it will keep putting slashes in the text box.
I totally want to turn them off and if I need them I can add them myself.
Is there a way to turn it off?
If it posts back and it has a quote, it will keep putting slashes in the text box.
I totally want to turn them off and if I need them I can add them myself.
Is there a way to turn it off?
Yes, it's an option in php.ini -- see http://www.php.net/manual/en/security.magicquotes.disabling.php
If you're on a server where you can't control php.ini, the code I posted is a workaround: it just takes the slashes back out after PHP adds them. It's annoying, yes, but once you've done it the effect is as though PHP never poked its head into it in the first place.
If you're on a server where you can't control php.ini, the code I posted is a workaround: it just takes the slashes back out after PHP adds them. It's annoying, yes, but once you've done it the effect is as though PHP never poked its head into it in the first place.
ASKER
Is this what you are talking about?
$_POST = array_map($_POST, 'inexplicably-remove_singl e_quotes') ;
Can I just put it in an include file?
What does this mean: inexplicably-remove_single _quotes
Does this do anything to: HTTP_POST_VARS?
This is what I want to change.
$_POST = array_map($_POST, 'inexplicably-remove_singl
Can I just put it in an include file?
What does this mean: inexplicably-remove_single
Does this do anything to: HTTP_POST_VARS?
This is what I want to change.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Meanwhile, this will do what you've asked:
function inexplicably_remove_single
return str_replace("'", '', $s);
}
$_POST = array_map($_POST, $s);
(Though I've here used the more up-to-date $_POST you could do the same thing with $HTTP_POST_VARS if necessary.)