I try to explain my problem with a non-perfect english :)
When i try to send some string (client side) to the server, i see that the HTML Form add the "\" char as escape before some chars (for example with ", ' and \ itself).
But this is a problem : if save it on mysql, before i filter the string using mysql_real_escape_string(), and it considers the escape char added by html as a "char added by the user". But that's not true.
The same when, after I checked the value on server-side and ignore it for some reason, i place them on the fields. I need to escape the chars again (i do it with addslashes() php function), because if i have $var equal to hello "world" how are you, on the input field (as i wrote above) it fails.
So, how can I fix this problem? I think there's a solution :)
Part 2
Now, with magic_quotes i've resolved this problem. Now, if the parameter fails when i check it, i'll save it on a var and put it into the right field. The problem is that.
<script type="text/javascript">
$(document).ready(function() {
$("#input1").val("<?= addslashes($name) ?>");
});
</script>
<input class="inputReg" maxlength="20" name="name" id="input1" />
this code work!!! I put the value (trought JQuery). If i write this :
<input class="inputReg" maxlength="20" name="name" value="<?=addslashes($name)?>" id="input1" />
it doesnt work. In fact, if i write (for example) the string "hello 'my' name is marco" it add each time 1-2-4-8 the char \ before. Why this? It doesnt works. Any idea? Cheers
Sounds like magic quotes. Make sure this is disabled in your php.ini file:
magic_quotes_gpc = Off
mysql_real_escape_string(stripslashes($string))
will (temporarily) fix your problem. Turning off magic_quotes though would be the best option.
You can use this code snippet if you aint allowed to edit php.ini:
# Disable magic quotes if enabled in the server settings
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}