nick Posted April 11, 2011

I am using

    if (!empty($_POST['title'])) {
        $t = mysqli_real_escape_string($dbc, strip_tags($_POST['title']));
    } else {
        $add_page_errors['title'] = 'Please enter the title!';
    }

This code is from the book, but when I add a new page and use a word like don't it ends up looking like don/'t. Is this because of the mysqli_real_escape_string? Because if I build something similar for a client I don't want that to show up, but I would like for it to still be safe. Thanks for your help.

Jonathon Posted April 11, 2011

Yes, it is because of the real_escape_string. Why not use a string replace function to strip any apostrophes and the like, so don't just becomes dont before you pass it to mysqli_real_escape_string.

nick Posted April 11, 2011

I checked with the hosting company and magic quotes were turned on. I had those turned off and it seemed to stop. With the code I presently had listed above, will that still be safe?

Jonathon Posted April 11, 2011

Yes, I feel like in this book, in one of the functions, he uses a piece of code like this to deal with magic quotes:

    if (get_magic_quotes_gpc()) $var = stripslashes($var);

Larry Posted April 11, 2011

Yeah, that code is supposed to address Magic Quotes being on. Unfortunately, and quite stupidly, I define the escape_data() function in the chapter but don't actually use it in the code!
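
An added example (not from the book or from any poster in this thread) showing where the stray backslash in the stored title comes from and one way to store the title without it. It assumes PHP with the pdo_sqlite extension, and it swaps in an in-memory SQLite table and a bound parameter for MySQL and mysqli_real_escape_string() so it runs without a database server; normalize_input(), store_title() and the pages table are hypothetical names.

```php
<?php
// Added example. normalize_input(), store_title() and the pages table are hypothetical.

// Remove magic-quotes slashes only when the runtime added them, then strip tags.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the function_exists() guard.
function normalize_input(string $raw, ?bool $magicQuotes = null): string
{
    if ($magicQuotes === null) {
        $magicQuotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    }
    return strip_tags($magicQuotes ? stripslashes($raw) : $raw);
}

// Insert through a bound parameter and read back what the database stored.
function store_title(PDO $db, string $title): string
{
    $stmt = $db->prepare('INSERT INTO pages (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return (string) $db->query('SELECT title FROM pages ORDER BY id DESC LIMIT 1')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed sample input: the title as typed, and as magic_quotes_gpc
// would have delivered it in $_POST (it applied addslashes() to every value).
$typed  = "don't";
$quoted = addslashes($typed);

$cases = [
    'magic quotes on, slashes left in'  => strip_tags($quoted),
    'magic quotes on, slashes removed'  => normalize_input($quoted, true),
    'magic quotes off, input untouched' => normalize_input($typed, false),
];

foreach ($cases as $label => $title) {
    // The first case stores the backslash as data; the other two store the text as typed.
    printf("%-36s stored as: %s\n", $label, store_title($db, $title));
}
```

With mysqli the same binding is done with prepare() and bind_param(), so the value never has to be escaped into the SQL string by hand.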