Solved (see bottom of message) but surely there's a better solution? Sorry for this looong explanation, but I've been tearing my hair out with this problem... I use php 4.3.4 and ADOdb 4.64, developing on Win2000. I've got magic_quotes_gpc switched off explicitly in htaccess, and I checked phpinfo that it really is off. And magic_quotes_runtime is also off. And I have a string fragment in a MySQL database field as ... click the <a href="http://www.link";>link</a> ... I can clearly see this value in my database manager. However when I read it from the database it unexpectedly changes to click the <a href=\"http://www.link\";>link</a> even before I get it into my code - in my debugger I can see this in the result set before my code even has a chance to screw it up. And the browser can't handle this. I've single-stepped through the ADOdb code and can see that the $rs fields has the escaped quotes as soon as it executes the mysql command. I'm confident there's nothing wrong with ADOdb - it's always worked like a charm. The ADOdb manual mentions that mysql escapes quotes with a backslash, but once the string is in a php variable I should be able to do with it what I want, shouldn't I? I have tried the following work-arounds without success (individually of course, not all at the same time): $string = stripslashes($string); $string = str_replace('\\"', '"', $string); $string = str_replace("\\", "", $string); // should be the same as stripslashes $string = str_replace("\\\"", "\"", $string); $string = str_replace("\\\"", "'", $string); $string = str_replace("\\\"", "\'", $string); $string = str_replace("\\\"", "", $string); // should remove the backslash and the quote In every case $string behaves as though it's a "read-only" variable for the backslashes (I tried replacing other characters and they get replaced as expected). According to the php manual this is exactly what stripslashes is meant for but it's not working in this case. I also tried $string = str_replace("click", '<a href="http://www.link";>', $string); and it changed to <a href=\"http://www.link\";> the <a href=\"http://www.link\";>link</a> (ie it added the slashes) but this worked $string = str_replace("click", "<a href='http://www.link'>", $string); (ie no slashes were added) ...so why doesn't work-around 5 or 6 above work? First prize is to stop the quotes being escaped. If I can't stop the magical appearance of the escaped quotes then str_replace('\\"' would be second prize because I can't guarantee that the end user won't intentionally use a backslash in the template string. stripslashes would be a poor third, and needing to go through the string character by character would tell me I should be coding in a different language. So... (1) Why are these quotes being escaped even with magic_quotes_gpc off? (2) Why doesn't stripslashes or str_replace remove the backslashes? (3) How do I get rid of these backslashes without killing the server? I'm sure I'm doing something really stupid here but I just can't figure out what it is. Hope someone has a simple answer. TIA Arno OK, I tried one last thing before sending this, and IT WORKED $string = str_replace("\"", "'", $string); .. changed the double-quotes to single quotes and magically dropped the backslashes. But I'm sure the end-user will at some stage use double-quotes as part of the text, and won't expect it to come out as single quotes. Surely there must be a proper solution to this? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
