PHP adding backslashes to POST data

Question

I have a form that submits to a database. But before it enters the database the submitted data is output on the screen. Currently, if I have "Mike's" submitted, it outputs "Mike\'s".

I have tried the below code to see if it is Magic Quotes, but this has not helped.

if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) ||
    ini_get('magic_quotes_sybase')
   ) {

    foreach($_GET as $k => $v)
        $_GET[$k] = stripslashes($v);
    foreach($_POST as $k => $v)
        $_POST[$k] = stripslashes($v);
    foreach($_COOKIE as $k => $v)
        $_COOKIE[$k] = stripslashes($v);
}

What should I look for?

Use phpinfo() to see if magic quotes is turned on just to definitely rule it out. — John Conde
– John Conde, Commented Mar 5, 2014 at 16:17
I'm running version 5.4 so I don't think there is even magic quotes within it — Somk
– Somk, Commented Mar 5, 2014 at 17:16
Does the data in the database have the character escapes in it? — Josiah Hudson
– Josiah Hudson, Commented Mar 30, 2016 at 14:24

Wesley Bland · Accepted Answer · 2014-03-05 16:41:40Z

0

Note: To sanitize the string

<?php

    $mike = "Mike's";

    echo filter_var($mike, FILTER_SANITIZE_STRING);

?>

edited Mar 5, 2014 at 16:41

Wesley Bland

9,1623 gold badges50 silver badges62 bronze badges

answered Mar 5, 2014 at 16:22

CS GO

9026 silver badges20 bronze badges

Sign up to request clarification or add additional context in comments.

1 Comment

Peter Mortensen Over a year ago

The suspense! What is it supposed to achieve (in that example)? Is the string changed in any way? If it is changed, what is it changed to?

Community · Accepted Answer · 2017-05-23 12:24:09Z

0

Despite looking like a constant, editing $_POST should work. Then again, your code didn't work for me, either.

This works:

function getReq($key){
    return isset($_REQUEST[$key]) ? stripslashes($_REQUEST[$key]) : "";
}

I haven't found why PHP (5.3.0 on WAMPSERVER 2.0 in my case) seems to magically change POST data while get_magic_quotes_gpc() returns 0, and frankly don't care to waste more time on its dirty innards.

edited May 23, 2017 at 12:24

CommunityBot

11 silver badge

answered Sep 3, 2014 at 14:05

Cees Timmerman

20.3k11 gold badges99 silver badges138 bronze badges

Comments

Peter Mortensen · Accepted Answer · 2019-12-01 00:30:15Z

0

There's a possibility it's in the code you're using to output to the screen.

If you were, for instance, using var_export(), one would expect to see character escapes on apostrophes.

edited Dec 1, 2019 at 0:30

Peter Mortensen

31.4k22 gold badges110 silver badges134 bronze badges

answered Mar 5, 2014 at 16:25

Josiah Hudson

1,0058 silver badges14 bronze badges

Comments

xrayin · Accepted Answer · 2019-12-01 00:38:33Z

0

It seems silly to answer after all these years but I see your post is active so i'll try.

First try this function stripslashes(). Doc: (https://www.php.net/manual/en/function.stripslashes.php)

Should this not work.

Do you display the data directly from the $_POST variable or retrieve it from the DB? It might be saved as is in the DB and that would mean a UTF8 convert issue.

I kept my answer short and don't wish to add more unncessary info unless you need it.

answered Dec 1, 2019 at 0:38

xrayin

511 silver badge4 bronze badges

Collectives™ on Stack Overflow

PHP adding backslashes to POST data

4 Answers 4

1 Comment

Comments

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

1 Comment

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related