escape character textarea bug - help!

Live forum:


15-09-2007 11:50:34

I have two websites which both have a blogging tool that I wrote on them. This allows me to quickly write an article and submit it - the submission page then writes a .phpurl==http://=http:///url file (so that the URL for the article is "real" for SEO purposes) and also adds the text of the article to a DB so that I can easily edit it later. Here's the weird thing. I'm using the exact same code on the two different sites (both have a blog). The main text part of the article is submitted via a form using a textarea. On one blog, the text that's passed to the submission step has the escape characters included (as it should for use with a MySQL insert) whereas on the other blog, the escape characters aren't there. I copied the code directly, the only thing that is different is which table the data is being stored in - and that call comes later than the one I am using to check what value is being passed for the text.

Both websites are hosted on the same (dreamhost) server, and I can't think of anything that's different except for the domain names. Help?


15-09-2007 14:25:12

code please


15-09-2007 17:51:45

[code1b86a7c83b4] /li Get the passed in values. li/
$title = $_POST['title'];
$subtitle = $_POST['subtitle'];
$link = $_POST['link'];
$text = $_POST['text'];
$comments = $_POST['comments'];
$visible = $_POST['visible'];
$date = $_POST['date'];

echo "text is $text";

/li Make sure that the link is unique. li/
$result = mysql_query("SELECT li FROM fit_articles WHERE link='$link'");
if ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) {
$message = "linkname is already in use! Story not added.";
} else {

/li Add the story. li/
mysql_query("INSERT INTO fit_articles ( title, subtitle, link, text, comments, visible, date )
VALUES ( '$title', '$subtitle', '$link', '$text', '$comments', '$visible', '$date' ) ");[/code1b86a7c83b4]

I KNOW that I should be using mysql_real_escape_string HOWEVER, I don't get why this exact same code works on one site but not on the other (one site, when you echo $text you get the backslashes, on the other you do not). $text comes from a form input textarea (that code wouldn't print properly here on FIPG).


15-09-2007 17:54:12

OMFG I just realized I had one domain name set to PHP 4.4.7 and the other to PHP 5.2 or something. Hm, interesting difference between the two, I wonder why that is?


15-09-2007 18:36:33

i've never looked up the differences, i just stick with v4 ;)


15-09-2007 21:24:09

It depends on what the "magic quotes" variable is set to. I think the default is set to on, but I'm not sure. Haven't fiddled with PHP installations in a while. Magic quotes will automatically escape any text input. Just type up a PHP page with only the following



That'll give you all the settings wink

Also, http//