?
Solved

I need to Remove a escape \ from wordpress the_content() output

Posted on 2012-03-24
7
Medium Priority
?
1,290 Views
Last Modified: 2012-03-25
Hi Experts,

I am having some issues with an escape being outputted in my HTML.
I have tried a few things along the lines of preg_replace, str_replace, unescape, urldecode but I am not having any luck.

On the line below, I am output a list of Wordpress Posts, but if they have an apostrophe in the content, it is escaped.

function qrcode_showquestions() {

//shows all questions as a div based table	
	echo '<div id="qr">';
		echo '<h2>Questions</h2>';
		
		echo '<div id="qrcodequestions" class="questions">';
		
		$args = array( 'post_type' => 'qrcode_question', 'posts_per_page' => '99' );
		$loop = new WP_Query( $args );
		
		if (!$loop->have_posts()) {
			echo '<div class="questioncontainer">';
				echo '<div class="question">There are no Questions in the system at this time, please add some</div>';
			echo '</div>';
		} else {
		?><form action='' method='POST' id='qrcodeform'><?php
		while ( $loop->have_posts() ) : $loop->the_post();
			echo '<div class="questioncontainer">';
				echo '<div class="question">';
					stripslashes2(the_content());          //######## Error Line
				//echo "test";
				echo '</div>';
				echo '<div class="qrcode_button"><input type="submit" name="responses" id="res'.get_the_ID().'" value="Responses" /></div>';
				echo '<div class="qrcode_button"><input type="submit" name="answers" id="ans'.get_the_ID().'" value="Answers" /></div>';
				echo '<div class="qrcode_button"><input type="submit" name="delete" id="del'.get_the_ID().'" value="Delete" /></div>';
			echo '</div>';
		endwhile;
		?></form><?php
		} //end if 
		
		echo '<div class="addquestion">';
			add_question_box(); 
			echo '</div>';
		echo '</div>';
	echo '</div>';
} //end qrcode_question

function stripslashes2($string) {
    $string = str_replace("\\\"", "", $string);
	$string = str_replace("\\\\", "", $string);
    $string = str_replace("\\'", "'", $string);
	$string = str_replace("\'", "'", $string);
    
    return $string;
}

Open in new window


A potential reason for the error is the way it is input to Wordpress which is via this function
function add_edit_question ($question, $post_id=0)
{
	// Create post object, send $post_id to edit question
	$my_post = array(
		 'post_title' => $question,
		 'post_content' => $question,
		 'post_status' => 'publish',
		 'post_author' => $user_ID,
		 'post_type' => 'qrcode_question'
	);

	// Insert the post into the database
	return wp_insert_post( $my_post );
  
} //end add_question

Open in new window


Thoughts? Ideas?
0
Comment
Question by:Craig Lambie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 35

Expert Comment

by:Terry Woods
ID: 37762058
It wouldn't be due to magic_quotes would it? http://nz.php.net/manual/en/security.magicquotes.what.php
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37762444
You might want to have a look at this article:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html

Looking at the first code snippet, you might want to substitute this for the existing code at line 39...46.  I haven't tested it but it seems right in principle.  HTH, ~Ray
function stripSlashes2($string) 
{
    while ( strpos($string, '\') !== FALSE)
    {
        $string = stripSlashes($string);
    }    
    return $string;
}

Open in new window

0
 
LVL 1

Author Comment

by:Craig Lambie
ID: 37762447
I thought that too, and added a line of code to the theme functions, but it didn't do anything....
0
TCP/IP Network Protocol Cheat Sheet

TCP/IP is a set of network protocols which is best known for connecting the machines that make up the Internet. The truth is that TCP/IP is one of the oldest network protocols and its survival is mainly based on its simplicity and universality.

 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1400 total points
ID: 37762479
Looking again at the first code snippet, I see this on line 21.
stripslashes2(the_content());          //######## Error Line

Open in new window

From that it appears there may be two things worth changing.

Thing one might be that the stripslashes2() function provides a return value, but there is no assignment operator.  In other words, the existing code calls the function and discards the work product.

Thing two might be that the input to stripslashes2() is not located in the_content() but instead is located in $loop->the_content().  Not sure, but easy enough to test.

Taken together these two things lead me to believe that the correct code for line 21 might be something more like this.
echo stripslashes2($loop->the_content());        

Open in new window

When you are debugging it is sometimes useful to do data visualization.  You can use var_dump() to print out the contents of a variable.  Best of luck with it, ~Ray
0
 
LVL 1

Author Comment

by:Craig Lambie
ID: 37763655
Ok, I have tried all your suggestions with no luck...
It might be something to do with how the_content() has it's own echo in the function maybe?

But here is the line that is causing the error in the "inputting" of the data to the database:
$question = trim(htmlspecialchars(mysql_real_escape_string($question)));

Open in new window


Which if I remove the mysql_real_escape_string it will invite sql injection, but also fixes my issue....

This is the line I added to functions.php in the theme to fix magic quotes:
if ( get_magic_quotes_gpc() ) {
    $_POST      = array_map( 'stripslashes_deep', $_POST );
    $_GET       = array_map( 'stripslashes_deep', $_GET );
    $_COOKIE    = array_map( 'stripslashes_deep', $_COOKIE );
    $_REQUEST   = array_map( 'stripslashes_deep', $_REQUEST );
}

Open in new window


Ray_Paseur, your function above needed an escape on the backslash to work btw.
function stripSlashes2($string) 
{
    while ( strpos($string, '\\') !== FALSE)
    {
        $string = stripSlashes($string);
    }    
    return $string;
}
             

Open in new window




Ok.  I have found the problem and fixed it, I tried this yesterday, but I forgot to add "echo" to the line, so thanks Ray for that one.
echo stripslashes2(get_the_content());

function stripslashes2($string) {
    $string = str_replace("\\\"", "", $string);
	$string = str_replace("\\\\", "", $string);
    $string = str_replace("\\'", "'", $string);
	$string = str_replace("\\\'", "'", $string);
    
    return $string;
}

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37763762
Yes, I see the need for the double escape.  I don't use systems with magic quotes, so it's hard for me to test the damage that magic quotes can inflict!
See http://www.laprbass.com/RAY_temp_cclambie.php
<?php // RAY_temp_cclambie.php
error_reporting(E_ALL);
echo "<pre>";


// SHOW THE EFFECT OF ADDING SLASHES TWICE.
// YOU CAN DO THIS WITH ADDSLASHES, OR MAGIC QUOTES
// AND YOU CAN DOUBLE IT UP WITH MYSQL_REAL_ESCAPE_STRING()


function stripSlashes2($string)
{
    while ( strpos($string, '\\') !== FALSE)
    {
        $string = stripSlashes($string);
    }
    return $string;
}

// CREATE A STRING WITH AN APOSTROPHE
$thing = <<<THING
O'Reilly
THING;
var_dump($thing);

// ESCAPE IT MORE THAN ONE TIME
$slash = addslashes($thing);
$slash = addslashes($slash);
var_dump($slash);

// CLEAN IT AND SEE WHAT IT SAYS
$clean = stripSlashes2($slash);
var_dump($clean);

Open in new window

0
 
LVL 1

Author Closing Comment

by:Craig Lambie
ID: 37763964
all fixed thanks, sorry I should of awarded when I wrote my last reply.
0

Featured Post

TCP/IP Network Protocol Cheat Sheet

TCP/IP is a set of network protocols which is best known for connecting the machines that make up the Internet. The truth is that TCP/IP is one of the oldest network protocols and its survival is mainly based on its simplicity and universality.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question