I need to Remove a escape \ from wordpress the_content() output

Hi Experts,

I am having some issues with an escape being outputted in my HTML.
I have tried a few things along the lines of preg_replace, str_replace, unescape, urldecode but I am not having any luck.

On the line below, I am output a list of Wordpress Posts, but if they have an apostrophe in the content, it is escaped.

function qrcode_showquestions() {

//shows all questions as a div based table	
	echo '<div id="qr">';
		echo '<h2>Questions</h2>';
		
		echo '<div id="qrcodequestions" class="questions">';
		
		$args = array( 'post_type' => 'qrcode_question', 'posts_per_page' => '99' );
		$loop = new WP_Query( $args );
		
		if (!$loop->have_posts()) {
			echo '<div class="questioncontainer">';
				echo '<div class="question">There are no Questions in the system at this time, please add some</div>';
			echo '</div>';
		} else {
		?><form action='' method='POST' id='qrcodeform'><?php
		while ( $loop->have_posts() ) : $loop->the_post();
			echo '<div class="questioncontainer">';
				echo '<div class="question">';
					stripslashes2(the_content());          //######## Error Line
				//echo "test";
				echo '</div>';
				echo '<div class="qrcode_button"><input type="submit" name="responses" id="res'.get_the_ID().'" value="Responses" /></div>';
				echo '<div class="qrcode_button"><input type="submit" name="answers" id="ans'.get_the_ID().'" value="Answers" /></div>';
				echo '<div class="qrcode_button"><input type="submit" name="delete" id="del'.get_the_ID().'" value="Delete" /></div>';
			echo '</div>';
		endwhile;
		?></form><?php
		} //end if 
		
		echo '<div class="addquestion">';
			add_question_box(); 
			echo '</div>';
		echo '</div>';
	echo '</div>';
} //end qrcode_question

function stripslashes2($string) {
    $string = str_replace("\\\"", "", $string);
	$string = str_replace("\\\\", "", $string);
    $string = str_replace("\\'", "'", $string);
	$string = str_replace("\'", "'", $string);
    
    return $string;
}

Open in new window


A potential reason for the error is the way it is input to Wordpress which is via this function
function add_edit_question ($question, $post_id=0)
{
	// Create post object, send $post_id to edit question
	$my_post = array(
		 'post_title' => $question,
		 'post_content' => $question,
		 'post_status' => 'publish',
		 'post_author' => $user_ID,
		 'post_type' => 'qrcode_question'
	);

	// Insert the post into the database
	return wp_insert_post( $my_post );
  
} //end add_question

Open in new window


Thoughts? Ideas?
LVL 1
Craig LambieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Terry WoodsIT GuruCommented:
It wouldn't be due to magic_quotes would it? http://nz.php.net/manual/en/security.magicquotes.what.php
0
Ray PaseurCommented:
You might want to have a look at this article:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html

Looking at the first code snippet, you might want to substitute this for the existing code at line 39...46.  I haven't tested it but it seems right in principle.  HTH, ~Ray
function stripSlashes2($string) 
{
    while ( strpos($string, '\') !== FALSE)
    {
        $string = stripSlashes($string);
    }    
    return $string;
}

Open in new window

0
Craig LambieAuthor Commented:
I thought that too, and added a line of code to the theme functions, but it didn't do anything....
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Ray PaseurCommented:
Looking again at the first code snippet, I see this on line 21.
stripslashes2(the_content());          //######## Error Line

Open in new window

From that it appears there may be two things worth changing.

Thing one might be that the stripslashes2() function provides a return value, but there is no assignment operator.  In other words, the existing code calls the function and discards the work product.

Thing two might be that the input to stripslashes2() is not located in the_content() but instead is located in $loop->the_content().  Not sure, but easy enough to test.

Taken together these two things lead me to believe that the correct code for line 21 might be something more like this.
echo stripslashes2($loop->the_content());        

Open in new window

When you are debugging it is sometimes useful to do data visualization.  You can use var_dump() to print out the contents of a variable.  Best of luck with it, ~Ray
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Craig LambieAuthor Commented:
Ok, I have tried all your suggestions with no luck...
It might be something to do with how the_content() has it's own echo in the function maybe?

But here is the line that is causing the error in the "inputting" of the data to the database:
$question = trim(htmlspecialchars(mysql_real_escape_string($question)));

Open in new window


Which if I remove the mysql_real_escape_string it will invite sql injection, but also fixes my issue....

This is the line I added to functions.php in the theme to fix magic quotes:
if ( get_magic_quotes_gpc() ) {
    $_POST      = array_map( 'stripslashes_deep', $_POST );
    $_GET       = array_map( 'stripslashes_deep', $_GET );
    $_COOKIE    = array_map( 'stripslashes_deep', $_COOKIE );
    $_REQUEST   = array_map( 'stripslashes_deep', $_REQUEST );
}

Open in new window


Ray_Paseur, your function above needed an escape on the backslash to work btw.
function stripSlashes2($string) 
{
    while ( strpos($string, '\\') !== FALSE)
    {
        $string = stripSlashes($string);
    }    
    return $string;
}
             

Open in new window




Ok.  I have found the problem and fixed it, I tried this yesterday, but I forgot to add "echo" to the line, so thanks Ray for that one.
echo stripslashes2(get_the_content());

function stripslashes2($string) {
    $string = str_replace("\\\"", "", $string);
	$string = str_replace("\\\\", "", $string);
    $string = str_replace("\\'", "'", $string);
	$string = str_replace("\\\'", "'", $string);
    
    return $string;
}

Open in new window

0
Ray PaseurCommented:
Yes, I see the need for the double escape.  I don't use systems with magic quotes, so it's hard for me to test the damage that magic quotes can inflict!
See http://www.laprbass.com/RAY_temp_cclambie.php
<?php // RAY_temp_cclambie.php
error_reporting(E_ALL);
echo "<pre>";


// SHOW THE EFFECT OF ADDING SLASHES TWICE.
// YOU CAN DO THIS WITH ADDSLASHES, OR MAGIC QUOTES
// AND YOU CAN DOUBLE IT UP WITH MYSQL_REAL_ESCAPE_STRING()


function stripSlashes2($string)
{
    while ( strpos($string, '\\') !== FALSE)
    {
        $string = stripSlashes($string);
    }
    return $string;
}

// CREATE A STRING WITH AN APOSTROPHE
$thing = <<<THING
O'Reilly
THING;
var_dump($thing);

// ESCAPE IT MORE THAN ONE TIME
$slash = addslashes($thing);
$slash = addslashes($slash);
var_dump($slash);

// CLEAN IT AND SEE WHAT IT SAYS
$clean = stripSlashes2($slash);
var_dump($clean);

Open in new window

0
Craig LambieAuthor Commented:
all fixed thanks, sorry I should of awarded when I wrote my last reply.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
WordPress

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.