THESE FORUMS NOW CLOSED (read only)
Comic Discussion => QUESTIONABLE CONTENT => Topic started by: MikeMcG on 07 Jul 2008, 23:48
-
Please stripslashes() before you print out your news bits. =[
-
Wat
-
There is a thread for this, it's called Ask Jeph. It is, in fact, just above your thread. Maybe just below.
-
This isn't a question. This is a demand. I think he's actually doing it now, 'cause this week's comic blurb didn't have escape characters.
Edit: I'm wrong, he's still not doing it.
Amir\'s optimism is virtually unchecked.
In programming, text is stored as strings and are represented by text wrapped in single or double quotes (depending on the language, single quotes might not exist. But for the sake of this discussion only PHP will exist). "This is a string" <- that is a string. 'This is also a string.' <- That is also a string. So, if you want to use a single quote or an apostrophe in a single quoted string you'd have to escape it; use a special character to say "Dude, don't think this is the end of the string." Hence 'This string won\'t end at won\'t \'cause I escaped it.' will be a complete string and won't die at won't. Most PHP configurations have something called magic_quotes (I think?) turned on, so any incoming POST or GET information is automatically escaped, and this might be the case for Jeff. Or, he might be escaping strings before he puts them into his database (database queries that insert information are strings and contain strings) so he doesn't accidentally destroy things. In either case he isn't removing the escapes before he outputs it. All it would take would be stripslashes($dbrow['blurb']); to get rid of those damn backslashes. Now you know.