On Mon, 30 Jun 2003 16:05:12 -0400, JW <jwayne_myrealbox_no_spam.com>
You can turn of the slashes that are put in, by using the ini_set with>It took me a lot of trial and error to get text from an HTML form into MySQL to
>account for quotation marks being entered. I came up with the following. It
>works fine but I was wondering if this is the best way. Here are the relevant
>1) User enters data via post.html:
> <form method="POST" action="post_confirm.php" name="form">
> <textarea NAME="comments" ROWS=4 COLS=60 onkeyup="textLimit(comments,
> <input type="submit" name="Submit2" value="Submit" onClick="return
>2) User is presented with the confirmation form post_confirm.php:
> Strips html tags, and displays without the slashes that PHP puts in:
> <?php $comments=stripslashes(strip_tags($_POST['comments'])); ?>
magic_quotes_gpc. My suggestion is to turn it off.
You may get around the one stripslashes with my suggestion.>
> Displays the user comments:
> <?php echo $comments; ?>
> If ok, user sends it to be posted:
> <form method="POST" action="postnotice.php">
> <input type="hidden" name="comments" value="<?php echo
>htmlspecialchars($comments, ENT_QUOTES ); ?>">
>3) Stuff is posted in MySQL via postnotice form:
> <?php $comments=addslashes($_POST['comments']); ?>
>Better way or OK?
Hope I could help.
Jochen Daum - CANS Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.