Question
Every time a POST is made I get escaped characters.
\ -> \\
' -> \'
" -> \"
I have a multistep form, which transmits the data from one form to another. I save the values with prepared statements in the database. The values in the database currently look like Paul\'s House. Users should have the possibility to use single and double quotes in their string.
This is a simple example demonstrating the escaping effect:
<?php
echo $_POST['value'];
?>
<form action="form.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="value" value="Paul's House">
<input type="submit" value="Next">
</form>
Why or who escapes the string? What is the correct way for handling data over multiple forms? What is the correct way for saving it in the database? Should I use stripslashes() or am I opening a big security hole?
Answer 1:
Looks like you have Magic Quotes turned on.
http://www.php.net/manual/en/security.magicquotes.disabling.php
Check that out for how to disable.
Answer 2:
You must turn off magic quotes on the server; otherwise you should be very careful about the on/off status of magic quotes.
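An added example, not part of the original answers: on a PHP build that still has magic quotes switched on, the slashes can be undone once at the request boundary, the raw value stored through a prepared statement, and HTML escaping applied only when the value is written into the next form. The helper names, the `places` table and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions, the sample input is constructed, and `magic_quotes_sybase` is assumed to be off.

```php
<?php
/** Recursively remove the slashes that magic_quotes_gpc added to request data. */
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

/** True only on old PHP builds where magic_quotes_gpc exists and is enabled. */
function magic_quotes_active()
{
    // The feature was removed in PHP 5.4 and this function in PHP 8.0,
    // so guard the call; @ hides the PHP 7.4 deprecation notice.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Constructed sample standing in for $_POST as it arrives with magic quotes on.
$post = array('value' => "Paul\\'s House");
$magicQuotesOn = true; // constructed; real code would call magic_quotes_active()

// Undo the escaping exactly once, and only when it was actually applied.
// Calling stripslashes() unconditionally would eat legitimate backslashes.
if ($magicQuotesOn) {
    $post = undo_magic_quotes($post);
}

// Store the raw value. The prepared statement sends it separately from the
// SQL text, so no manual quoting or slashing is needed for the database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE places (name TEXT)');
$stmt = $db->prepare('INSERT INTO places (name) VALUES (:name)');
$stmt->execute(array(':name' => $post['value']));

// Read it back: the stored string has no added backslash.
$stored = $db->query('SELECT name FROM places')->fetchColumn();
echo $stored, "\n";

// Carrying the value to the next step: escape for the HTML attribute context
// at output time, so quotes cannot break out of value="...".
$attr = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
echo '<input type="hidden" name="value" value="' . $attr . '">', "\n";
```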
Source: https://stackoverflow.com/questions/9705758/escaped-characters-in-string-from-submitted-form