> I am having trouble removing or encoding the character ' from my variable > before I write it to my database. I have tried the following methods so if > anyone can point out where I am going wrong I would be grateful. > > Example. > > <textarea rows="2" cols="60" name = "formMemo" value = "<?=$formMemo?>"> > <? $formMemo = addslashes($formMemo) ?> > <? echo $formMemo ?></textarea> TEXTAREAs do not have a 'value' attribute. > I Then stripslashes when the data is being retrieved from the database. > > Example 2. > > <textarea rows="2" cols="60" name = "formMemo" value = "<?=$formMemo?>"> > <? echo htmlspecialchars($formMemo) ?> > </textarea> This is what you want for _showing_ the data within the textarea (minus the value= part). Then, to insert the data shown in the textarea into your database, _after_ the form is submitted, you'd use $safe_data = addslashes($_POST['formMemo']); and insert $safe_data into the database. If magic_quotes_gpc is enabled (1) in your php.ini, then you don't have to do this. You should not have to use stripslashes() on data pulled from the database unless you have magic_quotes_runtime enabled. If your data in the database has slashes within it, then you are running addslashes() twice before inserting the data (possibly once with magic_quotes_gpc, and then once on your own). Hope that helps. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
