PHP Remove \ from a string that is pulled from DB

Question

I built a blog that uses a WYSIWYG editor(TinyMCE). You build a blog post, post it, and it is stored in a MySQL Database. The post then gets pulled out by another page. Simple stuff for most of you I'm sure.

It worked fine on my test server, so I switched it to another server, and now the images don't pull through properly on the view blog page.

I inspected the img URL and it looked like this.

<img src="\"/img/parking1.png\"" alt="\"\"">

I haven't written a method to do it, but it seems to be escaping () the quote marks.

It didn't do this on my last server, and worked fine, so I am assuming it's a server (hosting) security thing.

I tried to remove them, replace them with blank:

$cleanpost = str_replace('\', '',$post);

Where $post is the data pulled from the DB. It's bad syntax and putting the back-slash in between the quotes breaks it.

Can anyone tell me how to do this please? Or am I even correct as to think this is what I should be doing?

Much thanks.

EDIT: PHP code for blog post insert

if (isset($_POST['blogpost'])) {


    $nowdate = new DateTime('NOW');
    $thisdate = $nowdate->format('Y-m-d H:i:s');
    $post = $_POST['blogpost'];
    $title = $_POST['posttitle'];
    $status = 'yes';




    try {

        $conn = new PDO('mysql:host=host;dbname=dbname', $username, $password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $conn->prepare('INSERT INTO blogposts(posttext, thisdate, posttitle, active) VALUES(:post, :postdate, :posttitle, :status)');
        $stmt->execute(array(
            ':post'=>$post, ':postdate'=>$thisdate, ':posttitle'=>$title, ':status'=>$status
        ));

      //echo $stmt->rowCount(); // 1
    } catch(PDOException $e) {
        echo 'Error: ' . $e->getMessage();
        echo 'died';


    };

}

Answer 1

You can use stripslashes() to unescape the string.

$post = stripslashes($post);