PHP adding backslashes to POST data

Question

I have a form that submits to a database. But before it enters the database the submitted data is output on the screen. Currently, if I have "Mike's" submitted, it outputs "Mike\'s".

I have tried the below code to see if it is Magic Quotes, but this has not helped.

if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) ||
    ini_get('magic_quotes_sybase')
   ) {

    foreach($_GET as $k => $v)
        $_GET[$k] = stripslashes($v);
    foreach($_POST as $k => $v)
        $_POST[$k] = stripslashes($v);
    foreach($_COOKIE as $k => $v)
        $_COOKIE[$k] = stripslashes($v);
}

What should I look for?

Answer 1

Note: To sanitize the string

<?php

    $mike = "Mike's";

    echo filter_var($mike, FILTER_SANITIZE_STRING);

?>

Answer 2

Despite looking like a constant, editing $_POST should work. Then again, your code didn't work for me, either.

This works:

function getReq($key){
    return isset($_REQUEST[$key]) ? stripslashes($_REQUEST[$key]) : "";
}

I haven't found why PHP (5.3.0 on WAMPSERVER 2.0 in my case) seems to magically change POST data while get_magic_quotes_gpc() returns 0, and frankly don't care to waste more time on its dirty innards.

Answer 3

There's a possibility it's in the code you're using to output to the screen.

If you were, for instance, using var_export(), one would expect to see character escapes on apostrophes.

Answer 4

It seems silly to answer after all these years but I see your post is active so i'll try.

First try this function stripslashes(). Doc: (https://www.php.net/manual/en/function.stripslashes.php)

Should this not work.

Do you display the data directly from the $_POST variable or retrieve it from the DB? It might be saved as is in the DB and that would mean a UTF8 convert issue.

I kept my answer short and don't wish to add more unncessary info unless you need it.