...

View Full Version : Help with \" and '\ output please..



BoNfiRe
06-12-2006, 01:58 AM
I was trying to use a tutorial to build a simple news posting thing for my site that was mysql driven.

Now I think it's that strip_slashes(); thingy and I have tried fixing it myself, and all I seem to do is make a pigs ear out of it all :o :D

this is the relevant code (I think lol)

<?
session_start();
include("config.php");
$dbh=mysql_connect ($dbhost, $dbuser, $dbpassword) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ($dbname,$dbh);
define("DBH",$dbh);

function getPage($field='seoname',$value=''){
$result = mysql_query("SELECT * FROM articles WHERE {$field}='{$value}'", DBH);
$page = mysql_fetch_assoc($result);
return $page;
}

function getPages($field='parent',$value='0'){
$result = mysql_query("SELECT * FROM articles WHERE {$field}='{$value}'", DBH);
$pages = array();
while( $row = mysql_fetch_assoc($result) ){
$pages[$row['id']] = $row;
}
return $pages;
}

function AddPage(){
// $_POST['akey'] = makeKey(10); // Obsolete
unset($_POST['id']);
$_POST['seoname'] = seoname($_POST['title']);
$query = "INSERT INTO articles (".implode(", ",array_keys
($_POST)).") VALUES ('".implode("', '",array_map
("mysql_real_escape_string",$_POST))."')";
mysql_query($query,DBH) or die( mysql_error() );
return mysql_insert_id();
}

function UpdatePage($pid){
$_POST['seoname'] = seoname($_POST['title']);
$query = "UPDATE articles SET ";
foreach($_POST as $field => $value) {
$query .= "$field = '".mysql_real_escape_string ($value)."', ";
}
$query = substr($query, 0, strlen($query)-2)." WHERE id = '{$pid}'";
mysql_query($query,DBH) or die( mysql_error() );
return mysql_affected_rows();
}

function DeletePage($pid){
unset($_POST['step']);
$query = "DELETE FROM articles WHERE id = '{$pid}'";
mysql_query($query,DBH) or die( mysql_error() );
return mysql_affected_rows();
}

function seoname($string){
$string = ltrim($string);
$string = preg_replace( "/ +/", " ", strtolower($string) );
$string = str_replace(' - ', '-', $string);
$string = str_replace(array('-','%',';','/','?',':','@','&','=','+','$',',','#','(',')'), '',
$string);
$search = array(" ", "", "", "","","","","","","",",",);
$replace = array("","ae","oe","ue","e","i","e","e","a","c",",",);
$string = str_replace($search, $replace, $string);
$string = preg_replace("/[^a-z0-9_-]/", "", $string);
$string = strtolower($string);
return urlencode($string);
}
?>

I think it's the bottom bit and have even read some stuff in the php manual but it just looses me and everything I try doesn't seem to make a difference.
Any help is much appreciated

TIA
BoN

vinyl-junkie
06-12-2006, 04:47 AM
Are you getting an error or what? I'm not sure what you want us to do for you. Could you be a little more specific?

BoNfiRe
06-12-2006, 10:34 AM
Sorry yes I wasn't that specific sorry :s

When I post news to the news section and I use a " or a ' it will print out either \" or \' and if I edit ti and don't remove the \" it will keep adding more.

Thanks
BoN

harsh789
06-12-2006, 04:16 PM
use stripslashes function, this will remove \ from the text.

mculey
06-12-2006, 10:13 PM
Turning off magic quotes is a much better option than using strip_slashes. Yes, it means you have to be more vigilant in your checking of variables provided by your users but magic_quotes just makes you lazy and introduces more issues than it's worth. You can read up on magic quotes at http://www.php.net/magic_quotes.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum