Removing \ from PHP in an HTML page?

OK, I've done a lot myself now but this has me stuck.

I have a news management page which shows you all the news articles in the news database and has the option to edit or delete them.

However, if I choose to edit an item, it takes me to the edit page and everything appears as it should.

But if I add anything to it with a ' in (i.e. i'm sure it's ok), OR there is a hyperlink in the text body, i.e.

Code:
<a href="test.php">test</a>

As soon as you press update to save the edit, this happens:

(i\'m sure it\'s ok)

and

Code:
<a href="\test.php\">test</a>

I hope that's clear enough to show what's happening.

How do I solve this? I looked up http://uk3.php.net/strip_tags but their example seems to be associated with constant inserted text.
 
OK, so we apply the stripslashes to a query string? Anything that displays the information retrieved from the database?

So for this (for example)
Code:
<?php

// Connect to the database server and select the news database
mysql_connect('localhost', 'root', 'pass');
mysql_select_db('mark1e_dmd');

// id of the article to edit, taken straight from the submitted form
$id = $_POST['id'];

$query = "SELECT * FROM news WHERE id={$id}";

if ($results = mysql_query($query)) {

    $row = mysql_fetch_array($results); // retrieve the info

    // Escape each field for display in the HTML edit form
    $id = htmlentities($row['id']);
    $p_title = htmlentities($row['p_title']);
    $p_summary = htmlentities($row['p_summary']);
    $p_body = htmlentities($row['p_body']);

}

?>

Where would one add the strip slashes?
 
you wouldn't. that code is completely unrelated to the problem you're having so why did you post it?

having said that, you also need to cleanse that id field before querying your database with it. in fact i posted some help with that particular issue before.....

http://forums.overclockers.co.uk/showthread.php?t=17793055

as for stripslashes, you'd use that on $_POST data (form input) before adding to the database. again i've given you the code for that. look at the custom "clean" function in your own post here.

http://forums.overclockers.co.uk/showthread.php?t=17807287&highlight=startername_butters

Ahh no, ok, I thought you stripslashed the return query but yeah I see it makes more sense to do it before it goes into the DB.
Thanks
 
OK, now I'm confused. One of you is telling me to clean the data going in with stripslashes and the other is telling me to add slashes? Can ANYONE see why I'm confused? :p
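
The two kinds of advice in this thread apply at different layers, which the following added example (not code from the thread or its posters) keeps apart: undo magic-quote backslashes on input, pass values to the database as bound parameters, and HTML-escape only on output. The `raw_input_value` helper, the in-memory SQLite database and the sample form values are assumptions made so the script runs on its own; the `news` table and column names follow the code posted above.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// thread's news table; the in-memory SQLite database and the sample form
// values are constructed so the script runs offline.

// 1. Input: undo magic_quotes_gpc if (and only if) it added backslashes.
//    The function was removed in PHP 8, so guard the call.
function raw_input_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Constructed form submission standing in for $_POST.
$post = array(
    'id'     => '1',
    'p_body' => 'i\'m sure it\'s ok <a href="test.php">test</a>',
);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, p_body TEXT)');
$db->exec("INSERT INTO news (id, p_body) VALUES (1, 'old text')");

// 2. Validate the id as an integer before it goes anywhere near a query.
$id = filter_var(raw_input_value($post['id']), FILTER_VALIDATE_INT);
if ($id === false) {
    exit('Invalid id');
}

// 3. Database: bound parameters, so no addslashes() and no stored backslashes.
$update = $db->prepare('UPDATE news SET p_body = :body WHERE id = :id');
$update->execute(array(':body' => raw_input_value($post['p_body']), ':id' => $id));

$select = $db->prepare('SELECT p_body FROM news WHERE id = :id');
$select->execute(array(':id' => $id));
$stored = $select->fetchColumn();

// 4. Output: escape for HTML only at display time (e.g. inside the edit form).
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```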
 