Kevin Waterson wrote:
I am using str_replace to strip double quotes.
$string = 'This string has "quotes" in it';
$string = str_replace('"', '', $string);
this seems to work, yet when I put the $string into mysql,
it uses backslashes to escape where the quotes were. The
double-quotes are gone, yet it still escapes the 'ghost'
where they were.
I even tried
str_replace(array("\x8c", "\x9c", "'", '"'), '', $string)
but the ghost remains and mysql continues to escape them.
I check the charsets, and the db is Latin-1 and the sting is ISO-8859-1
Any thoughts on this would be most graciously accepted.
Kind regards
kevin
is $string honestly something that you are getting via a form submit?
if so, your system might have magic quotes enabled.
This would automatically escape quotes with the attempt to make the
values safer, and then you go and run your str_replace command and
remove the double quotes, you end up leaving the '\' that the system
automatically put in the value for you.
read up on magic quote gpc
hope this helps.
Jim
--
Jim Lucas
"Perseverance is not a long race;
it is many short races one after the other"
Walter Elliot
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
