0

I'm guessing that there is a simple explanation for this but I can find it anywhere. Please know that this is not a security issue as I only have this form on the web when I am adding music to my DJ database. When I finish, I take the form down. I just need to get around the issue of apostrophe in either the Artist name or Song Title name. This is the code I have:

$cleana= addslashes($artist);

$cleant= addslashes($title);

$artist=$cleana;

$title=$cleant;

My problem is that it adds 3 \'s to the string and when it writes to the database there is a \ in the entry. These are the only two fields that could possibly have an ' in them.

Thanks in advance.

Jim Raymond
  • 103
  • 9
  • The 3 \'s means that the string is already escaped because of `magic_quotes` so you probably don't need to escape it... Another way (to keep your head relaxed and make sure all is well escaped) is using `stripslases` first, then addslashes. But the link @quentin shared is the best way to go although you say security isn't your concern.... – CodeBird Apr 20 '14 at 13:22
  • Get a recent PHP version and you get rid of this. This smells like Magic Quotes, you find it explained in the PHP Manual in full length: http://www.php.net/manual/en/security.magicquotes.php - You perhaps just want to disable it. And as others have said, you're doing database operations wrong here in case of input encoding. – hakre Apr 20 '14 at 13:26
  • @CodeBird thanks so much. Not just for the help but also for accepting that I don't need to be super secure. I'm a newbie hack and I assure you I always read everything I can find in Google and on here that might solve an issue before I ask. And most of the "already answered" links are beyond my scope of understanding. This is just a list of my songs and when I finish with additions I remove the page from the web and copy the DB from the web server to my computer. So I just needed to get by the ' issue and the error message. – Jim Raymond Apr 20 '14 at 17:17
  • @CodeBird I went to the INI file on the server and disabled magic_quotes but that didn't solve the issue. BUT I tried the stripslashes as you suggested and for whatever reason it solved the problem. I can now get back to my data entry thanks to your help to a newbie. – Jim Raymond Apr 20 '14 at 17:19
  • server should be restarted after changing the main php.ini, and some hosting providers doesn't let you have your own php.ini. so putting anything there won't help. `stripslashes` helped because it removed the \'s added by `magic_quotes` – CodeBird Apr 20 '14 at 17:24

0 Answers0