0

I have a for loop that runs through a set of questions with a text area next to each question. But if the question or answer has an apostrophe in it (as if someone asked "Don't" or "Can't" in the question), it doesn't get inserted into the database. I've tried strip slashes and add slashes to get rid of the problem to no avail.
This is what I've got so far.

The for loop to display to the user the question without slashes.

    for ($i = 0; $i < sizeof($answered); $i++)
    {
        echo "<h3><center>" . stripslashes($question[$i]) . "</center></h3>";
        show_form($question[$i]);
    }

and the POST setup:

    if ( !empty($_POST['answer']) )
    {
        $quest = mysqli_real_escape_string ($dbc, $_POST['question']);
        $answer = mysqli_real_escape_string ($dbc, $_POST['answer']);
    }
Java00011111

3 Answers

0

set magic_quotes_gpc = Off in your php.ini

OR

add php_flag magic_quotes_gpc Off in your .htaccess

Zul
0

Check whether the magic_quotes_gpc is enabled in your php.ini file.
If magic_quotes_gpc is enabled, first apply stripslashes() to the data.
Using this function on data which has already been escaped will escape the data twice.

Manigandan Arjunan
  • @Ampere--the issue I have with that is when I press the submit button, 2 things happen: more slashes are getting added to the variable and part of the string after the single quote doesn't display. For instance, if I had the word "don't", the output is "don\\\" – Java00011111 Dec 07 '11 at 06:14
  • @java0001111 then just try only with mysql_real_escape_string itself. And do check that magic_quotes_gpc is enabled in your php.ini. – Manigandan Arjunan Dec 07 '11 at 06:26
  • I originally tried it with just mysql_real_escape_string and that's how I got the error. And magic quotes is on. – Java00011111 Dec 07 '11 at 06:33
  • @java00011111 http://www.nusphere.com/kb/phpmanual/function.mysql-real-escape-string.htm this may be useful for you. – Manigandan Arjunan Dec 07 '11 at 06:51
  • @java00011111 if magic quotes is on, then first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice. – Manigandan Arjunan Dec 07 '11 at 07:08
-1

Try htmlentities($question[$i], ENT_QUOTES); to store the data, and html_entity_decode($question[$i], ENT_QUOTES); to display it.

Aaron
  • NO, don't do this! Always encode/decode at the boundaries of your application, not in the core! Store your data without any encoding, and `htmlspecialchars()` (encode to html) when you display it. – Francis Avila Dec 07 '11 at 05:34
  • @Francis-- can you explain to me what you mean by encode/decode at the boundaries and not at the core? I've tried storing the data just using mysqli_real_escape_strings but I can't get this working if there are single quotes in the string. – Java00011111 Dec 07 '11 at 05:42
  • Don't `htmlspecialchars()` and `htmlentities()` nullify the effects of potentially disruptive characters by encoding them into their corresponding entities? Does it not make sense to store strings in their encoded format so as to avoid issues like this one @Java00011111 is experiencing with the quotes? @Francis Would you mind steering me in the right direction if I am, indeed, mistaken? – Aaron Dec 07 '11 at 05:58
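
Added example, not part of any post above: it combines the advice in the thread (undo magic_quotes_gpc once, store the text unencoded, call `htmlspecialchars()` only when displaying). Assumptions: the input is constructed, `raw_input_value()` and the `answers` table are hypothetical, and PDO with in-memory SQLite and a prepared statement stands in for the thread's mysqli connection and `mysqli_real_escape_string()` so the script runs without a database server.

```php
<?php
// Undo magic_quotes_gpc exactly once, at the input boundary. The setting is
// passed in as a flag because magic_quotes_gpc was removed in PHP 5.4; on an
// old installation the flag would come from get_magic_quotes_gpc().
function raw_input_value($value, $magicQuotesOn)
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// Constructed input: simulate what the script receives when magic_quotes_gpc
// is On, i.e. every quote already has a backslash in front of it.
$post = array(
    'question' => addslashes("Why can't I log in?"),
    'answer'   => addslashes("Don't know yet"),
);

// In-memory SQLite (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE answers (label TEXT, question TEXT, answer TEXT)');

// A prepared statement keeps data out of the SQL text, so an apostrophe in
// the value can neither break the INSERT nor pick up extra backslashes.
$insert = $db->prepare(
    'INSERT INTO answers (label, question, answer) VALUES (?, ?, ?)'
);

// Row 1: slashes left in place, so the backslashes become part of the data.
$insert->execute(array('not normalised', $post['question'], $post['answer']));

// Row 2: slashes removed once, so the original text is what gets stored.
$insert->execute(array(
    'normalised',
    raw_input_value($post['question'], true),
    raw_input_value($post['answer'], true),
));

// Output boundary: encode for HTML only when writing HTML.
foreach ($db->query('SELECT label, question, answer FROM answers') as $row) {
    echo '<!-- ' . $row['label'] . " -->\n";
    echo '<h3>' . htmlspecialchars($row['question'], ENT_QUOTES, 'UTF-8') . "</h3>\n";
    echo '<p>' . htmlspecialchars($row['answer'], ENT_QUOTES, 'UTF-8') . "</p>\n";
}
```

With mysqli, as used in the question, the same structure applies through `mysqli_prepare()` and `mysqli_stmt_bind_param()`.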