Sigh

[McJedi]

Im getting text via REQUEST from an input box. If I don't format the text in any way and I type a " it will put a \ before it. If i use stripslashes it will work fine. However then when i input \\\\\\\\\\ on the form the output is \\\\\. I tried replaceing \ with %5C but for some reason it echoed the %5C instead of \. I also tried to do:
$slash = chr(92);
$test = "S\ite";
if(strstr($title, "\\\")) {
$test = str_replace("\\\", "$slash", $test);
}

But there is an error. I need 3 \'s don't I? Is there a way to just echo plain text without it being such a problem

[lintz]

You may have to use a loop to remove all the slashes or maybe check the contents on the input box useing javascript and if there are more than 1 / then show a message and don't progress any further until "correct" format is enterd in input box. HTH

[McJedi]

There is no format and \\ would be allowed. The only thing I'm using to filter that input box is htmlspecialchars...can you tell me more about the loop?

[visualAd]

The problem you are experiencing is due to a setting in the php.ini called magic quotes. Before using strip slashes you should check whether magic quotes have been turned on. If they have then it would have added the slashes automatically. There is a function which you can use called get_magic_quotes_gpc() which returns true if they are on and false if they are not.

The function below test this and only uses stripslashes() if magic quotes are on:

PHP Code:

function stripslashes_safe($string) {
    if (magic_quotes_gpc()) {
        return stripslashes($string);
    } else {
        return $string;
}