I don't want slashes in my $_POST values. I want to deal with that kind if thing myself.
I am having problems getting rid of said slashes. You can see the results of the following code here: http://www.slyme.co.uk/sanitise.php
View the source - htmlentities seems to work, stripslashes doesn't unless I do this:
echo stripslashses($test_string);
I want to do all sorts of processing and would rather use functions but I just can't see why I can't get it right in a function or an if statement.
check out this page:
<?php
function sanitise($input){
if (get_magic_quotes_gpc()) {
stripslashes($input);
}
return htmlentities($input, ENT_QUOTES);
}
function un_sanitise($input){
if (get_magic_quotes_gpc()) {
stripslashes($input);
}
return $input;
}
if (isset($_POST['test'])) {
$test_string = $_POST['test'];
} else {
$test_string = '';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
#wrap {width:400px; margin-left:auto; margin-right:auto;}
.box {border:1px solid #CCCCCC; margin:5px;padding:5px;}
.title {font-weight:bold;}
-->
</style>
</head>
<body>
<div id="wrap">
<div class="box">
<div class="title">Magic Quotes</div>
<?php
if (get_magic_quotes_gpc()) {
echo 'Magic Quotes On';
} else {
echo 'Magic Quotes Off';
}
?>
</div>
<div class="box">
<div class="title">Raw String</div>
<?php echo $test_string ?>
</div>
<div class="box">
<div class="title">Strip Slashes</div>
<?php
if (get_magic_quotes_gpc()) {
stripslashes($test_string);
}
echo $test_string;
?>
</div>
<div class="box">
<div class="title">Sanitise</div>
<?php
if (get_magic_quotes_gpc()) {
stripslashes($test_string);
}
echo htmlentities($test_string, ENT_QUOTES);
?>
</div>
<div class="box">
<div class="title">Sanitise Function</div>
<?php
echo sanitise($test_string);
?>
</div>
<div class="box">
<div class="title">Strip Slashes Function</div>
<?php
echo un_sanitise($test_string);
?>
</div>
</div>
<form method="post" action="">
<table align="center">
<tr>
<td>
<textarea name="test" id="test"></textarea>
</td>
</tr>
<tr>
<td>
<input name="submit" type="submit" value="Submit" />
</td>
</tr>
<tr>
<td>
echo stripslashes($test_string) = <?php echo stripslashes($test_string) ?>
</td>
</tr>
</table>
</form>
</body>
</html>