View Full Version : htmlentities converts too much on single quotes

10-02-2003, 05:02 PM
I've got the following in my code...


when I post the form, and print the $logData variable, I get the following...

input = "What's up?"
output = "What\'s up?"

I want the output to be...

output = "What's up?"

I don't want that leading slash. Any ideas?

10-02-2003, 06:10 PM
Could try using stripslashes() (http://www.php.net/stripslashes)

10-02-2003, 06:19 PM
That's probably due to magic_quotes_gpc activated. It's one of those goodies some PHP developers put into the code, and everyone dislikes because it makes things so... uncertain and fuzzy. Bascially it escapes all quotes etc. before the value reaches your PHP script, which screws up any value comparisons of course and leads to astonishment to those who encounter it the first time.

If you can, disable it in your php.ini. If you can't do that, you have to manually clean the GPC values you need before you further process them. Here's some sample code that can be used for that:

* Cleans GET variables of unnecessary magic_quotes junk.
* @param mixed Associative array of GPC variables or single value
* @return mixed Cleaned value/array.
function cleanValues($value) {
if (get_magic_quotes_gpc()) {
if (!is_array($value)) {
return stripslashes($value);
} else {
return array_map('cleanValues', $value);
return $value;

if (count($_POST)) {
$_POST = cleanValues($_POST);

$logData = htmlentities($_POST['logData'], ENT_QUOTES);
print $logData;

10-02-2003, 06:50 PM
Great. Thanks, now one quick related question,

I'm running on an IIS 6 with php 4.3 and according to ini_set in the php manual, magic_quotes_gpc has a setting of "PHP_INI_PERDIR" which means you can change the setting in the php.ini, .htaccess or htttpd.conf.

Now, since I'm on IIS (no httpd.conf nor .htaccess) does php still look to see if there's a .htaccess file?

If so, what would I add to that file to make the change?