Questions tagged [addslashes]

A PHP function that adds a backslash (\) in front of each quote character (" and ') and each backslash character (\).

82 questions
32
votes
3 answers

Escape double quotes with variable inside HTML echo

For a variable inside an echo that contains HTML, where would I add slashes to escape the double quotes? Example: echo ""; This part: value=".$row['id']."
swiftsly
26
votes
4 answers

How to escape string from PHP for javascript?

Let's imagine a form editor, it can edit available values. If the data contains " character (double quote) it "destroys" HTML code. I meant, let's check the code: so I generate HTML: onclick="var a = prompt('New value: ', '
user893856
13
votes
3 answers

How to include multi-line html from django template into javascript variable

From a Django template, I would like to include an html snippet from a file, say mysnippet.html:
blah
into a javascript variable: The…
gozzilli
8
votes
5 answers

how to prevent database to add slash to quotes

I know this sounds really common and so trivial, but I am having a challenge here. I have a web site with Zend/Doctrine and I use ckeditor for the backend management. After uploading the site I've realized that during edit testing the look and feel…
black sensei
7
votes
7 answers

Htmlentities vs addslashes vs mysqli_real_escape_string

I've been doing some reading on securing PHP applications, and it seems to me that mysqli_real_escape_string is the correct function to use when inserting data into MySQL tables because addslashes can cause some weird things to happen for a smart…
waiwai933
6
votes
4 answers

Is PHP's addslashes vulnerable to sql injection attack?

Possible Duplicate: What does mysql_real_escape_string() do that addslashes() doesn't? I have been reviewing articles on how/why PHP's addslashes function is vulnerable to sql injection. Everything I have read says there are problems with…
k10
6
votes
4 answers

What's the difference between PHP's addslashes and mysql(i)_escape_string?

Possible Duplicate: mysql_real_escape_string VS addslashes If they don't do exactly the same, what's the difference? The delimiter for values inside a MySQL query is the ' isn't it? Or maybe the " but that's also escaped with addslashes. In other…
Rudie
5
votes
2 answers

PHP addslashes not working as expected if a string starts with numbers and contains a quotation mark

I have a form with a textbox 'size_txt' which stores a string representing a size choice. The value is posted to another page and retrieved by this…
4
votes
4 answers

addslashes JavaScript equivalent

I am looking for a proper version of a JavaScript equivalent of PHP's addSlashes. I have found many versions, but none of them handle \b, \t, \n, \f or \r. http://jsfiddle.net/3tEcJ/1/ To be complete, this jsFiddle should alert: \b\t\n\f\r"\\
GAgnew
4
votes
1 answer

Sanitize input before storing into database

First of all, I have an HTML editor that accepts input from the user. I want to store plain HTML tags in the database and cater for quotes (SQL injection) that appear as well. For example, $input = "

I'm…

user2126081
4
votes
1 answer

Circumventing htmlspecialchars(addslashes(input)) for HTML/JavaScript injection

Assume some PHP code which echoes an input sanitized by first applying addslashes() and then htmlspecialchars() to an HTML document. I have heard that this is an unsafe approach, but cannot figure out why. Any suggestions as to what sort of…
4
votes
2 answers

backslash in php and mysql

I have a question about backslash in MySQL and PHP! I write a simple code for testing! include "src/db.inc.php"; $name="licon's"; $name=addslashes($name); $sql="insert into test values('$name')"; mysql_query($sql); $sql1="select * from…
ChainWay
4
votes
1 answer

Can addslashes be bypassed when using utf and single quotes?

I am trying to verify if using addslashes on a script is exploitable or not. It's known to everyone that addslashes shouldn't be used, but the question is, is it always exploitable? I found plenty of information on abusing addslashes in two…
aseques
3
votes
3 answers

How to validate a string in PHP + MYSQL?

I'm using PDO with a prepared statement. I'm using JavaScript to encrypt text from an HTML textarea, decrypt in PHP, adding some text, and I re-encrypt the data before writing it to the DB. I'm using PHP to decrypt data from the DB and put it in HTML5 pages. Often…
JB.
3
votes
2 answers

PHP how to add slashes into array

I have a problem: I want to add slashes at the start and the end of each string of my array. This is an example of my actual array: $patte = array(); $patte[0] = "httpd"; $patte[1] = "vsftpd"; $patte[2] = 'gohphp'; $patte[3] = 'abcdef'; I use…
user3114471