Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6

Thread: $_POST problem

  1. #1
    New Coder
    Join Date
    Aug 2011
    Posts
    51
    Thanks
    6
    Thanked 12 Times in 12 Posts

    $_POST problem

    I have a name input
    PHP Code:
    $_POST['name'
    and for some reason, when I type in ' in the html form it outputs as \'
    I don't know why but it is causing problems. Can anyone explain why this is happening?

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,472
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    PHP puts a "slash" in front of special or reserved characters ...

    Try this ...

    $name=stripslashes($_POST['name']);
    echo "Name: $name";

    See what happens.



    .

  • Users who have thanked mlseim for this post:

    ASTP001 (09-06-2011)

  • #3
    New Coder
    Join Date
    Aug 2011
    Posts
    51
    Thanks
    6
    Thanked 12 Times in 12 Posts
    Thanks, that works. I think the reason why php was doing that was to prevent SQL injections, and I think that is a real smart idea. Now, stripping the slashes works for now, and the way I coded it I don't think it's a security risk... I think it's called magic quotes.

  • #4
    Senior Coder
    Join Date
    Apr 2010
    Posts
    1,423
    Thanks
    69
    Thanked 102 Times in 101 Posts
    Correct, it is to help prevent injections. It can be safe depending on what is going in the box and who is entering the data into it.

  • #5
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    It is (supposed) to help prevent SQL injections. Although its among the stupidest things that Zend has introduced.
    Fortunately, these will be gone very soon. Register globals are gone as of 5.4, so that's a great start.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •