Posted by Pedro Graca on 10/12/06 11:17

= poster = wrote:
> I created a textbox form to publish news on my site ...
> It's a simple textbox with an submit button.
> When the button is pressed the data in the textbox is stored in mysql .
>
> When I wan't to retrieve the stored text and display it through PHP some
> words aren't displayed right.
> An example : Isn't is displayed as Isn\'t

I suspect your SQL command is something like

$sql = "insert <table> (<column>) values ('{$_POST['text']}')";

Your PHP is configured with magic_quotes on.
Special characters in $_POST['text'] are automatically escaped by PHP
before the values reach your script.
When the text box entry is

This isn't right.

what PHP sees is

This isn\'t right.

This is probably what you want as it avoids the syntax error in

insert <table> (<column>) values ('This isn't right')
==================================^--------^-------^

If you try to second guess PHP and addslashes() or
mysql_real_escape_string() without a previous stripslashes() the result
will be

insert <table> (<column>) value ('This isn\\\'t right')

So ... either rely on magic_quotes (bad choice!) or make sure you
mysql_real_escape_string() to unescaped data

<?php
$user_data = mysql_real_escaped_string(
get_magic_quotes_gpc()
? stripslashes($_POST['text'])
: $_POST['text']
);
$sql = "insert <table> (<column>) values ('$user_data')";

--
File not found: (R)esume, (R)etry, (R)erun, (R)eturn, (R)eboot

[Back to original message]