Home/ Questions/Q 8532305
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T09:41:08+00:00

i have a form that users post about themselves exc. I’ve read that with

  • 0

i have a form that users post about themselves exc. I’ve read that with PDO you don’t get any issues with apostrophes or quatation marks, however i’m getting " as \" exc. as you can guess.

Also tried to read about http://www.php.net/manual/en/pdo.prepared-statements.php but this part of website is not working as i see that’s why i ask here first.

I get user input like this :

if(isset($_POST["doit"])) {
    $about = cleanInput($_POST["about"]);
    $name = cleanInput($_POST["name"]);

    if(!empty($about) && !empty($name)){
     try{
     $cu_query = "INSERT INTO `members` (`about`, `name`) VALUES (:about, :name)";
     $cu_query_do = $db->prepare($cu_query);
     $cu_query_do -> bindParam(':about', $about, PDO::PARAM_STR);
     $cu_query_do -> bindParam(':name', $name, PDO::PARAM_STR);
     $cu_query_do->execute() or die(print_r($cu_query_do->errorInfo(), true));
   }

     catch(PDOException $e) {
     $log->logError($e." - ".basename(__FILE__));
   }

   }
}

I print out user input like this and fetch the user inputs from db like this :

    //if isset get exc..

    try {
 $mq = "SELECT * FROM `members` WHERE `m_id` = :m_id";
 $mq_check = $db->prepare($mq);
 $mq_check->bindParam(':m_id', $m_id, PDO::PARAM_INT);
 $mq_check->execute();
 $ac = $db->query("SELECT FOUND_ROWS()")->fetchColumn();
 }
     catch(PDOException $e) {
 $log->logError($e." - ".basename(__FILE__));
                }


     if(!empty($ac)) {
     $_loader = true;
     $fetch = $mq_check->fetch (PDO::FETCH_ASSOC);
     $name = cleanInput($fetch['name']);
     $about = cleanInput($fetch['about']);


     }

     echo $name;

Thank You

Answer : If you’ve disabled the it from the WHM or from php.ini exc but if the problem still continues check with the code @Wayne Whitty mentioned below
If it is still seems like active ,

Than include this code in your header file :

if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
    foreach ($val as $k => $v) {
        unset($process[$key][$k]);
        if (is_array($v)) {
            $process[$key][stripslashes($k)] = $v;
            $process[] = &$process[$key][stripslashes($k)];
        } else {
            $process[$key][stripslashes($k)] = stripslashes($v);
        }
    }
}
unset($process);
}

That fixed my problem but if problem still continues, than you have to check your input sanitizations exc.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Either magic quotes are enabled on your server or your function cleanInput() is calling the function addslashes().

    Check to see if magic quotes are enabled by running this:

    if(get_magic_quotes_gpc()){
    echo 'Magic Quotes enabled... sigh!';
}

    The PHP manual shows you how to deal with magic quotes:

    • 0