0

I don't want slashes in my $_POST values. I want to deal with that kind if thing myself.

I am having problems getting rid of said slashes. You can see the results of the following code here: http://www.slyme.co.uk/sanitise.php

View the source - htmlentities seems to work, stripslashes doesn't unless I do this:

echo stripslashses($test_string);

I want to do all sorts of processing and would rather use functions but I just can't see why I can't get it right in a function or an if statement.

check out this page:

<?php
function sanitise($input){
	if (get_magic_quotes_gpc()) {
		stripslashes($input);
	}
	return htmlentities($input, ENT_QUOTES);
}
function un_sanitise($input){
	if (get_magic_quotes_gpc()) {
		stripslashes($input);
	}
	return $input;
}
if (isset($_POST['test'])) {
	$test_string = $_POST['test'];
} else {
	$test_string = '';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#wrap {width:400px; margin-left:auto; margin-right:auto;}
.box {border:1px solid #CCCCCC; margin:5px;padding:5px;}
.title {font-weight:bold;}
-->
</style>
</head>

<body>
<div id="wrap">
	<div class="box">
		<div class="title">Magic Quotes</div>
		<?php
		if (get_magic_quotes_gpc()) {
			echo 'Magic Quotes On';
		} else {
			echo 'Magic Quotes Off';
		}
		?>
	</div>
	
	<div class="box">
		<div class="title">Raw String</div>
		<?php echo $test_string ?>
	</div>
	
	<div class="box">
		<div class="title">Strip Slashes</div>
		<?php
		if (get_magic_quotes_gpc()) {
			stripslashes($test_string);
		}
		echo $test_string;
		?>
	</div>
	
	<div class="box">
		<div class="title">Sanitise</div>
		<?php
		if (get_magic_quotes_gpc()) {
			stripslashes($test_string);
		}
		echo htmlentities($test_string, ENT_QUOTES);
		?>
	</div>

	<div class="box">
		<div class="title">Sanitise Function</div>
		<?php
		echo sanitise($test_string);
		?>
	</div>

	<div class="box">
		<div class="title">Strip Slashes Function</div>
		<?php
		echo un_sanitise($test_string);
		?>
	</div>
</div>
<form method="post" action="">
  <table align="center">
    <tr>
      <td>
		<textarea name="test" id="test"></textarea>
      </td>
    </tr>
    <tr>
      <td>
	  	<input name="submit" type="submit" value="Submit" />
      </td>
    </tr>
    <tr>
      <td>
	  	echo stripslashes($test_string) = <?php echo stripslashes($test_string) ?>
      </td>
    </tr>
  </table>
</form>

</body>
</html>

Edited by slyme: n/a

2
Contributors
2
Replies
3
Views
7 Years
Discussion Span
Last Post by slyme
0

stripslashes is a function which returns a string. It has no effect on the string itself. A statement such as "stripslashes($input)" has no effect on the $input variable as such. You probably intended something like "$input = stripslashes($input)".
HTH

Edited by Simon Tite: n/a

0

stripslashes is a function which returns a string. It has no effect on the string itself. A statement such as "stripslashes($input)" has no effect on the $input variable as such. You probably intended something like "$input = stripslashes($input)".
HTH

Thanks Simon, I just knew it was going to be something that was staring me in the face - I'm just glad it wasn't something even more basic like a semi-colon missing at the end of a line!

Thank you so much for taking the trouble to help,

Simon.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.