gamebits
asked on
Escaping (') and (") with magic_quotes_gpc on
Server configuration
Directive              Local Value   Master Value
magic_quotes_gpc       On            On
magic_quotes_runtime   Off           Off
magic_quotes_sybase    Off           Off
Commercial hosting cannot touch php.ini
Problem: I need to carry data posted by the user over 4 different pages, and on the fifth page a SQL query inserts the data. At this point I'm using hidden fields in the form, so basically the user fills in a form and goes to the next page, where the information is displayed as well as some other fields. The information displayed is also in the new form as hidden values, and then we go to the next page and so on.
This works all right until somebody uses ("); then whatever is after the first one is cut off. I tried mysql_real_escape_string, addslashes, stripslashes etc. and I cannot get it right.
Any advice would be greatly appreciated.
ASKER
The first time I use the posted data, I clean it up with stripslashes and then save it in a session. If on a subsequent page I need to display the data, I just echo the session variable. When I'm ready to insert the data in the database, I use mysql_real_escape_string().
The data will be saved in the db with all the quotation marks escaped, as well as the newline and return characters.
To display the data from the db I use the nl2br() function.
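The flow from the comment above (strip slashes once on input, keep the raw value, encode per output context), as an added example that is not code from this thread. The function names, the `items` table and the sample string are assumptions, and PDO with an in-memory SQLite database stands in for the mysql_* calls so the script runs offline.

```php
<?php
// Added example; function names and the "items" table are hypothetical.

// Stage 1 (input): undo magic_quotes_gpc once so the session holds the raw text.
// On the asker's server $magicQuotesOn would come from get_magic_quotes_gpc().
function raw_input_value($value, $magicQuotesOn)
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Stage 2 (HTML attribute): encode for the attribute context. An unencoded "
// closes value="..." early, which is the truncation described in the question.
function hidden_field($name, $value)
{
    return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Stage 2b (HTML display): encode first, then turn newlines into <br>.
function display_text($value)
{
    return nl2br(htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// Stage 3 (SQL): bind the raw value as a parameter. This uses PDO in place of
// mysql_real_escape_string(); the value travels separately from the SQL text.
function store_and_reload(PDO $db, $text)
{
    $db->exec('CREATE TABLE IF NOT EXISTS items (description TEXT)');
    $stmt = $db->prepare('INSERT INTO items (description) VALUES (?)');
    $stmt->execute(array($text));
    return $db->query('SELECT description FROM items')->fetchColumn();
}

// Constructed sample: magic_quotes_gpc applies addslashes() to request data.
$typed  = "5\" floppy, Tom's \"old\" drive\nsecond line";
$posted = addslashes($typed);

$raw = raw_input_value($posted, true);
echo hidden_field('description', $raw), "\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stored = store_and_reload($db, $raw);
echo display_text($stored), "\n";
var_dump($stored === $typed); // round trip check: stored text equals what was typed
```

The same `htmlspecialchars()` call applies when echoing a session variable into a page, since the session holds the raw, unencoded text.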