Hello,



I am a beginner in PHP. I need with the function preg_replace.

I am trying to remove the backslashes ( \ ) from a string that is submitted
by the user.

It is submitted in a form but it adds \ before the quotation marks ( " ).

Will this change if I use the GET method instead of POST.

If not can you please tell me how to use preg_replace to remove the
backslashes.



Thank You,

Chaim Chaikin

Novice PHP programmer

Hotwire Band Website Administrator

http://hotwire.totalh.com

Chaim Chaikin wrote:
> Hello,
>
>
>
> I am a beginner in PHP. I need with the function preg_replace.
>
> I am trying to remove the backslashes ( \ ) from a string that is submitted
> by the user.
>
> It is submitted in a form but it adds \ before the quotation marks ( " ).
>
> Will this change if I use the GET method instead of POST.
>
> If not can you please tell me how to use preg_replace to remove the
> backslashes.
>
Don't, use stripslashes() instead.

http://us.php.net/stripslashes

Here is a nice little hack that I use.

<plaintext><?php

print_r($_REQUEST);

function stripInput(&$ar) {
$ar = stripslashes($ar);
}
if ( get_magic_quotes_gpc() ) {
array_walk_recursive($_REQUEST, 'stripInput');
array_walk_recursive($_POST, 'stripInput');
array_walk_recursive($_GET, 'stripInput');
}

print_r($_REQUEST);

?>

you should see the difference
--
Jim Lucas

"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
by William Shakespeare

Jim Lucas wrote:
> Here is a nice little hack that I use.
>

"Little hack" it is, "nice" it isn't.
Ideally just turn off magic_quotes_gpc - you can do so in php.ini, or
perhaps your web server configuration files (httpd.conf, .htaccess etc.).

If you don't have access to any of the above then install the latest
version of PHP_Compat (http://pear.php.net/package/PHP_Compat) and
include 'PHP/Compat/Environment/magic_quotes_gpc_off.php'. Reversing the
effects of magic_quotes_gpc at runtime is far from trivial, there's lots
of potential for subtle bugs, let alone completely forgetting about
$_.

If you're unable to install PHP_Compat, you can grab the relevant files
from CVS:
http://cvs.php.net/viewvc.cgi/pear/P....3&view=markup
http://cvs.php.net/viewvc.cgi/pear/P....7&view=markup

Arpad

Just use stripslashes() on your submitted data and forget about testing for
magic_quotes. It's good practice anyhow. \" is not legit text regardless.



haim Chaikin wrote:
> Hello,
>
>
>
> I am a beginner in PHP. I need with the function preg_replace.
>
> I am trying to remove the backslashes ( \ ) from a string that is submitted
> by the user.
>
> It is submitted in a form but it adds \ before the quotation marks ( " ).
>
> Will this change if I use the GET method instead of POST.
>
> If not can you please tell me how to use preg_replace to remove the
> backslashes.
>
>
>
> Thank You,
>
> Chaim Chaikin
>
> Novice PHP programmer
>
> Hotwire Band Website Administrator
>
> http://hotwire.totalh.com
>
>

Apologies if you already received this message, I tried to send it
earlier from my webmail but it doesn't seem to have worked.

Al wrote:
> Just use stripslashes() on your submitted data and forget about
> testing for magic_quotes. It's good practice anyhow. \" is not legit
> text regardless.
>

Using stripslashes() on all submitted data is most certainly *not* good
practice. If magic_quotes_gpc is later turned off or you're using one of
the versions of PHP with buggy magic_quotes_gpc support then you can
easily lose data. Reversing the effects of magic_quotes_gpc is far from
trivial, there's lots of potential for subtle bugs, let alone completely
forgetting about $_.

See my earlier reply for a real solution.

Arpad