Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

$_POST and $_GET convert quote( ' ) to backslash + quote ( \' )

Tags:

html

post

php

get

I have this code :

<?php  
echo $_GET['user'];
?>

<html >
<head>


</head>
<body>
<form method = "GET"  action="file.php">
    <input type = "text" name = "user"><br> 
    <input type = "submit" value ="submit"><br>
</form>
</body>
</html>  

when I type ' in the textbox it prints out \' instead of '.
for example if I type 'hello' it prints out \'hello\'.
So how can I fix that ??

like image 837
user2229472 Avatar asked May 14 '13 15:05

user2229472


People also ask

How do I escape a quote from a string in PHP?

In PHP, an escape sequence starts with a backslash \ . Escape sequences apply to double-quoted strings. A single-quoted string only uses the escape sequences for a single quote or a backslash.

How do you escape quotation marks?

Alternatively, you can use a backslash \ to escape the quotation marks. This lets JavaScript know in advance that you want to use a special character.

How do you escape a single quote within a single quote?

' End first quotation which uses single quotes. " Start second quotation, using double-quotes. ' Quoted character. " End second quotation, using double-quotes.

Which function is used to quote string slashes?

Definition and Usage. The addslashes() function returns a string with backslashes in front of predefined characters. The predefined characters are: single quote (')


2 Answers

The slashes were added because you have magic_quotes_gpc=On in your php.ini. Note that this feature is depreacted and you should turn it off in your php.ini. It was a former security feature but you should not rely on it. Instead write code for yourself that valides all inputs and use prepared statements when you pass inputs to SQL queries or use escapeshellarg() if you pass inputs to shell scripts.

However, use stripslashes() to remove the slashes:

echo stripslashes($_GET['user']);
like image 110
hek2mgl Avatar answered Oct 20 '22 20:10

hek2mgl


It looks like you have magic quotes set in your PHP interpreter. They can be turned off via ini setting.

like image 39
che Avatar answered Oct 20 '22 21:10

che