Posted by Hilarion on 09/07/05 15:14

>> index.php?myvar=cheese
>>
>> if I ehco($myvar) it will display 'cheese',
>>
>> index.php?myvar=%22cheese%22
>>
>> if I echo($myvar) it will display '\"cheese\"' with escaped quotes.
>>
>> How can I remove the quote escapes if %22 is present value? I want the
>> second example to display just like the first, whether quotes are present or
>> not?
>
> you can use urldecode() and htmlentities()...
>
> like
>
> $myvar = urldecode($myvar);
>
> u can also use htmlentities(urldecode($myvar)); for correct html code.


What is "htmlentities" for here?
One should use "urlencode" to pass parameter values in PHP generated
URLs. "htmlentities" makes nothing if the value is urlencoded (cause
it does not contain any HTML entities when encoded).
The problem that Mark has is related to magic quotes. He probably has
"magicquotes_gpc" turned on, which causes PHP to escape all values
from the client ($_GET, $_POST, $_COOKIE, $_REQUEST and all variables
comming from those if "register_globals" is on). He should turn
magic quotes off or use "stripslashes". It's important to do proper
escaping if data from the client is used in SQL queries or as otherwise
executed code (by "eval" or some shell function).


Hilarion

[Back to original message]