How do I remove backslash from users input
Question
I'm getting blur to this one :P
function escape($string)
{
$string = stripslashes($string);
if (function_exists('mysql_real_escape_string')) {
return mysql_real_escape_string($string, $this->connection);
} else {
return mysql_escape_string($string);
}
}
$content = '""""""test\'te%%%%st`test_huhu\'_';
echo '<br>output 1 = '.stripslashes($content);
echo '<br>output 2 = '.$db->escape($content);
The output
output 1 = """"""test'te%%%%st`test_huhu'_
output 2 = \"\"\"\"\"\"test\'te%%%%st`test_huhu\'_
How to make output 2
will be same like output 1
and why the output 2
to be like that?
Solution
mysql_real_escape_string
escapes all "
and '
that's why you get all those slashes. If you remove the slashes before putting the data in a database you're open for attacks which
is very bad for security dont you think?
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow