Data Manipulation and Conversion

Page 1 of 5

Dealing with Magic Quotes

A common problem when working and displaying form data can be traced to what is usually considered a nicety in PHPmagic quotes. When you're working with data external to PHP (whether from a form submission or a database), PHP can automatically add an escape character (backslash) to any characters, which could cause problems. For instance, if a string contains a quote character (single or double), it may cause a problem if displayed directly to the browser as shown next:

NOTE

Magic quotes are enabled/disabled by the magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase PHP directives.

<?php $foo = '"this is my value"'; ?>
<INPUT TYPE="TEXT" NAME="myvalue" VALUE="<?php echo $foo; ?>">

When actually executed by PHP, the resulting HTML will contain an extra set of double quotes for the VALUE attribute:

<INPUT TYPE="TEXT" NAME="myvalue" VALUE=""this is my value"">

Unfortunately, when you're working with data submitted to the Web server (GET, POST, and so on) there is no way to turn the magic quotes feature on or off while the script is being executed. To make your script compatible with any configuration of PHP, you'll need to deal with both circumstances. To accomplish this, you'll need two new functions: addslashes() and stripslashes(). These two functions are used to add or remove slashes (when appropriate) from the provided string. The syntax for these functions is as follows:

<< Start < Prev 1 2 3 4 5 Next > End >>

This entry was posted on . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a comment. Tags: Simple PHP, Pear, Easy PHP, PHP Tutorial, PHP MySQL, XSLT, Sap Tutorial, CSS Tutorial, XSL FO Java, SQL Tutorial.

Users' Comments (0)

Comment an article

No comment posted