Encoding and Decoding of HTTP parameter values

raj_sv23

Hi,
I have a simple HTML form that takes in user input through text area. The action of this HTML form is another simple php page.

I get the form elements value into the action php using the following script.

$value = $_REQUEST["form_element_name'];

I am getting the value fine, however if the user enters text that contains double quotes ("), I am getting the escape character in addition to the double quotes.

For example if the user enters:

This is a "comment"

in the text area, when I get the value from the HTTP parameter, it is

This is a \"comment\"

I can use the str_replace and get rid of the \, but why is the parameter encoding/decoding not taking care of this?

Am I missing something? Any help would be appreciated.

Thanks,
Raj

Frederick

$value = stripslashes($_REQUEST["form_element_name"]);

Roger_Ramjet

It is because of the magic_quotes_gpc setting on your server. You should test using get_magic_quotes_gpc in your code and then stripslashes or not. This will make it portable from server to server without any recode. See the examples for a full explanation and the code you need.