Home/ Questions/Q 7641605
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T08:57:59+00:00

Every time a POST is made I get escaped characters. \ -> \\ ‘

  • 0

Every time a POST is made I get escaped characters.

\ -> \\
' -> \'
" -> \"

I have a multistep form, which transmits the data from one form to another. I save the values with prepared statments in the database. The values in the database currently look like Paul\'s House. User should have the possiblity to use single and double quotes in their string.

This is a simple example demonstrating the escaping effect:

<?php
echo $_POST['value'];
?>
<form action="form.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="value" value="Paul's House">
    <input type="submit" value="Next">
</form>

Why or who escapes the string? What is the correct way for handling data over multiple forms? What is the correct way for saving it in the database? Should I use stripslashes() or I’m opening a big security hole?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Looks like you have Magic Quotes turned on.

    http://www.php.net/manual/en/security.magicquotes.disabling.php

    Check that out for how to disable.

    • 0