收录日期:2021/01/28 16:53:41 时间:2010-03-31 04:05:23 标签:php,mysql

When my code is stored and saved and out putted I keep getting these slashes \\\\\ in my output text. how can I get rid of these slashes?

Here is the PHP code.

if (isset($_POST['submitted'])) { // Handle the form.


require_once '../../htmlpurifier/library/HTMLPurifier.auto.php';

$config = HTMLPurifier_Config::createDefault();
$config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
$config->set('HTML.Doctype', 'XHTML 1.0 Strict'); // replace with your doctype
$purifier = new HTMLPurifier($config); 


$mysqli = mysqli_connect("localhost", "root", "", "sitename");
$dbc = mysqli_query($mysqli,"SELECT users.*, profile.*
                                 FROM users 
                                 INNER JOIN contact_info ON contact_info.user_id = users.user_id 
                                 WHERE users.user_id=3");

$about_me = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['about_me']));
$interests = mysqli_real_escape_string($mysqli, $purifier->purify($_POST['interests']));



if (mysqli_num_rows($dbc) == 0) {
        $mysqli = mysqli_connect("localhost", "root", "", "sitename");
        $dbc = mysqli_query($mysqli,"INSERT INTO profile (user_id, about_me, interests) 
                                     VALUES ('$user_id', '$about_me', '$interests')");
}



if ($dbc == TRUE) {
        $dbc = mysqli_query($mysqli,"UPDATE profile 
                                     SET about_me = '$about_me', interests = '$interests' 
                                     WHERE user_id = '$user_id'");

        echo '<p class="changes-saved">Your changes have been saved!</p>';
}


if (!$dbc) {
        // There was an error...do something about it here...
        print mysqli_error($mysqli);
        return;
}

}


Here is the XHTML code.

<form method="post" action="index.php">
    <fieldset>
        <ul>
            <li><label for="about_me">About Me: </label>
            <textarea rows="8" cols="60" name="about_me" id="about_me"><?php if (isset($_POST['about_me'])) { echo mysqli_real_escape_string($mysqli, $_POST['about_me']); } else if(!empty($about_me)) { echo mysqli_real_escape_string($mysqli, $about_me); } ?></textarea></li>

            <li><label for="my-interests">My Interests: </label>
            <textarea rows="8" cols="60" name="interests" id="interests"><?php if (isset($_POST['interests'])) { echo mysqli_real_escape_string($mysqli, $_POST['interests']); } else if(!empty($interests)) { echo mysqli_real_escape_string($mysqli, $interests); } ?></textarea></li>

            <li><input type="submit" name="submit" value="Save Changes" class="save-button" />
                <input type="hidden" name="submitted" value="true" />
            <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li>
        </ul>
    </fieldset>

</form>

When you pull data from MySQL, you will want to run it through this to get clean output:

$clean_value = stripslashes($value);

Could be that your php installation has Magic Quotes enabled: http://php.net/manual/en/security.magicquotes.php

See: http://www.php.net/manual/en/security.magicquotes.disabling.php for ways to disable them.