Note: To sanitize the string
<?php
$mike = "Mike's";
echo filter_var($mike, FILTER_SANITIZE_STRING);
?>
Вопрос
I have a form that submits to a database. But before it enters the database the submitted data is output on the screen. Currently, if I have "Mike's" submitted, it outputs "Mike\'s".
I have tried the below code to see if it is Magic Quotes, but this has not helped.
if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) ||
ini_get('magic_quotes_sybase')
) {
foreach($_GET as $k => $v)
$_GET[$k] = stripslashes($v);
foreach($_POST as $k => $v)
$_POST[$k] = stripslashes($v);
foreach($_COOKIE as $k => $v)
$_COOKIE[$k] = stripslashes($v);
}
What should I look for?
Нет правильного решения
Другие советы
Note: To sanitize the string
<?php
$mike = "Mike's";
echo filter_var($mike, FILTER_SANITIZE_STRING);
?>
Despite looking like a constant, editing $_POST should work. Then again, your code didn't work for me, either.
This works:
function getReq($key){
return isset($_REQUEST[$key]) ? stripslashes($_REQUEST[$key]) : "";
}
I haven't found why PHP (5.3.0 on WAMPSERVER 2.0 in my case) seems to magically change POST data while get_magic_quotes_gpc()
returns 0, and frankly don't care to waste more time on its dirty innards.
There's a possibility it's in the code you're using to output to the screen.
If you were, for instance, using var_export()
, one would expect to see character escapes on apostrophes.
It seems silly to answer after all these years but I see your post is active so i'll try.
First try this function stripslashes()
. Doc: (https://www.php.net/manual/en/function.stripslashes.php)
Should this not work.
Do you display the data directly from the $_POST variable or retrieve it from the DB? It might be saved as is in the DB and that would mean a UTF8 convert issue.
I kept my answer short and don't wish to add more unncessary info unless you need it.