[CLUE-Tech] PHP escaping characters
Jed S. Baer
thag at frii.com
Sat Mar 2 12:29:43 MST 2002
On Fri, 01 Mar 2002 18:01:40 -0700
Steve Fry <clue at ir3w.com> wrote:
> Somewhere after you capture the variable - or before you output it
> (experiment with this) - use the tag called "stripslashes" like this:
>
> Ex. value=\"stripslashes($yourname)\"
while (list($postkey, $postval) = each($HTTP_POST_VARS)) {
$$postkey = htmlspecialchars(stripslashes($postval));
}
FWIW, this, at the start of execution, fixes this. A note to anyone who
doesn't know: the $postvariable is a copy of
$HTTP_POST_VARS["postvariable"], not a reference to it, so:
$HTTP_POST_VARS["postvariable"] =
htmlspecialchars(stripslashes($postval))
doesn't fix $postvariable.
Happy Happy Joy Joy.
--
"Those who expect to reap the blessings of freedom must, like men,
undergo the fatigue of supporting it."
- Thomas Paine
More information about the clue-tech
mailing list