Menu
I have this code :
<?php
echo $_GET['user'];
?>
<html >
<head>
</head>
<body>
<form method = "GET" action="file.php">
<input type = "text" name = "user"><br>
<input type = "submit" value ="submit"><br>
</form>
</body>
</html>
when I type ' in the textbox it prints out \' instead of '.
for example if I type 'hello' it prints out \'hello\'.
So how can I fix that ??
837
In PHP, an escape sequence starts with a backslash \ . Escape sequences apply to double-quoted strings. A single-quoted string only uses the escape sequences for a single quote or a backslash.
Alternatively, you can use a backslash \ to escape the quotation marks. This lets JavaScript know in advance that you want to use a special character.
' End first quotation which uses single quotes. " Start second quotation, using double-quotes. ' Quoted character. " End second quotation, using double-quotes.
Definition and Usage. The addslashes() function returns a string with backslashes in front of predefined characters. The predefined characters are: single quote (')
The slashes were added because you have magic_quotes_gpc=On in your php.ini. Note that this feature is depreacted and you should turn it off in your php.ini. It was a former security feature but you should not rely on it. Instead write code for yourself that valides all inputs and use prepared statements when you pass inputs to SQL queries or use escapeshellarg() if you pass inputs to shell scripts.
However, use stripslashes() to remove the slashes:
echo stripslashes($_GET['user']);
It looks like you have magic quotes set in your PHP interpreter. They can be turned off via ini setting.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
