Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Jul 2005
    Location
    New York
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts

    stripslashes() adds slashes ?!?

    Hi guys,

    Here is some code:

    MyForm.php

    // compose mail message
    $strMailMsg = "From: " . $_POST['inputName']; // cut for example
    mail(...,$strMailMsg,...);

    // now output what they sent
    echo "<p>{$_POST['inputName']}</p>";

    That works fine except when I get the mail it has the backslashes before any quotes.

    So I tried this:
    ...
    $strMailMsg=stripslashes($strMailMsg);
    mail(...,$strMailMsg,...);

    Well, now the mail doesn't have the slashes but the echo output does. I even tried a new variable:

    $newMsg=stripslashes($strMailMsg);
    mail(...,$newMsg,...);

    It seems the stripslashes() affects the $_POST['inputName'] variable which to me seems absurd because the $strMailMsg should not be 'connected' to the $_POST['inputName'] after it's been assigned.

    What's going on ?

    Thanks.

  • #2
    Regular Coder
    Join Date
    Feb 2005
    Location
    West Midlands, UK
    Posts
    623
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm a little lost here, are you echoing via echo "<p>{$_POST['inputName']}</p>"; ? If so then you will need to stripslashes() the $_POST variable too, since I'm assuming this is an issue with magic_quotes adding slashes to the $_POST user input.

    If that's not the case, can you post more of your code so we can see exactly what's happening and where?

  • #3
    New Coder
    Join Date
    Jul 2005
    Location
    New York
    Posts
    31
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi,

    Sorry about that. My local machine has magic quotes off but the remote machine has them on and I was getting confused when testing my pages.

    Here is what I did:

    if(get_magic_quotes_gpc()){
    $_POST['inputName']=stripslashes($_POST['inputName']);
    $_POST['inputEmail']=stripslashes($_POST['inputEmail']);
    }

    mail(...,$_POST['inputName'],...);

    echo("<p>{$_POST['inputName']=}</p>");

    It seems alright. What do you think ?

  • #4
    Regular Coder
    Join Date
    Feb 2005
    Location
    West Midlands, UK
    Posts
    623
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I use this solution from php.net in all my scripts, I just stick the whole thing in a file which I include at the top of every page to be sure:

    PHP Code:
    function stripslashes_deep($value)
    {
       return (
    is_array($value) ? array_map('stripslashes_deep'$value) : stripslashes($value));
    }

    if (
    get_magic_quotes_gpc())
    {
       
    $_GET    array_map('stripslashes_deep'$_GET);
       
    $_POST  array_map('stripslashes_deep'$_POST);
       
    $_COOKIE array_map('stripslashes_deep'$_COOKIE);

    It effectively does what you just did but you will find it useful if you ever want to deal with more advanced arrays (particularly useful when you're dealing with checkboxes or multiple selection lists in forms).


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •