So replace ' \" ' instead of ' " '.
On 9/22/07, Jim Lucas <lists@xxxxxxxxx> wrote:
> Kevin Waterson wrote:
> > I am using str_replace to strip double quotes.
> >
> > $string = 'This string has "quotes" in it';
> >
> > $string = str_replace('"', '', $string);
> >
> > this seems to work, yet when I put the $string into mysql,
> > it uses backslashes to escape where the quotes were. The
> > double-quotes are gone, yet it still escapes the 'ghost'
> > where they were.
> >
> > I even tried
> > str_replace(array("\x8c", "\x9c", "'", '"'), '', $string)
> > but the ghost remains and mysql continues to escape them.
> >
> > I check the charsets, and the db is Latin-1 and the sting is ISO-8859-1
> >
> > Any thoughts on this would be most graciously accepted.
> > Kind regards
> > kevin
> >
> >
> is $string honestly something that you are getting via a form submit?
>
> if so, your system might have magic quotes enabled.
>
> This would automatically escape quotes with the attempt to make the
> values safer, and then you go and run your str_replace command and
> remove the double quotes, you end up leaving the '\' that the system
> automatically put in the value for you.
>
> read up on magic quote gpc
>
> hope this helps.
>
> Jim
>
> --
> Jim Lucas
>
>
> "Perseverance is not a long race;
> it is many short races one after the other"
>
> Walter Elliot
>
>
>
> "Some men are born to greatness, some achieve greatness,
> and some have greatness thrust upon them."
>
> Twelfth Night, Act II, Scene V
> by William Shakespeare
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
