question about stripslashes and nl2br

eightmin

I have a form that once filled out puts the data into a database and sends a confirmation email back to client.

Before I insert into database, I return the information to the browser for the client to check for accuracy. If client clicks on the continue button (submit), I do some formatting to the variables:

$description = trim(addslashes(nl2br($_SESSION['description'])));

I then insert $description into the database.

$query = "INSERT INTO DB set first_name = '$first_name', last_name = '$last_name', address= '$address', address_2 = '$address_2', city = '$city', state = '$state', zip = '$zip', description = '$description', file_date = '$file_date'";

If the data is successfully added to database, I send out a reply email to the client. To do so, I again format the data by stripping slashes and then put that into the email:

$description = stripslashes($description);

My problem is that in the email, the slashes are not removed. The nl2br formatting is there but not the stripslashes. My php ini file has magic_quotes on but I add and strip slashes as a practice anyway. Anybody have a clue as to why the stripslashes function is not working in the email?

Second question is about nl2br(). Once that formatting is done prior to inserting into a database, do I have to use nl2br again when ever that data is returned? Is it a onetime function?

dnast

I forget exactly when and where magic quotes add slashes, but it could be that your addslash() is actually double-slashing the string. So when you stripslash() it's just turning double slashes into single slashes.

Disclaimer: I'm just purely guessing since I don't have access to php where I'm at right now 🙂

devinemke

dnast is right. if magic_quotes in ON then you do not need to addslashes before database insertion. that's why you are still seeing the slashes in the email (you are double-slashing the string).

eightmin

Thanks, you guys were right. Once I took out the addslashes, everything was ok. I don't understand one thing though. Magic_quotes ON, I add slashes once and then remove them once. How did I still get the double slashes. I could understand if I only added slashes but again, I added once, removed once. Have I gone completely mad???? One minus one is still zero....isn't it???

dnast

Magic_quotes added the slashes before you did. So all you did was add slashes to the slashes and then remove that second set of slashes.

So it's 2-1 = 1 😉

Edit: Glad we could help you and don't forget to mark the thread resolved.