html/php form escaping quotes

Goodshape · 18-09-2007 5:29pm #1

I've got a simple HTML form passing information to an even simpler PHP script. At the moment I'm just trying to figure out why my quotes (' and ") are being escaped (i.e. \' and \") without my say-so.

Form page :

<p><label for="edition_comments">Comments </label><textarea id="edition_comments" name="edition_comments"></textarea></p>

Processing page :

$comments = $_POST['edition_comments'];
echo $comments;

Without any additional input from me (afaik), entering something like that's in the form comes through as that\'s on the other end.

Anyone have any ideas? Thanks.

forbairt · 18-09-2007 5:37pm

By default php has magic quotes switched on

try the following in a php file

echo get_magic_quotes_gpc();

a 1 means its on ...

if you don't want it on .. go into you php.ini file and find magic_quotes_gpc = On
and change it to magic_quotes_gpc = Off

BTW I'd leave it on if I were you ...

Its a safety feature to try stopping sql injection attacks ...

there's a function called stripslashes() you can use to remove them

Goodshape · 18-09-2007 5:40pm

Indeed it is a '1'.

Cheers for that