All,
There is a text area say
<input type="submit">
And if a user gives the input as,
here is my name and my mail id is "a@x.com"
And when the data is posted on the server side the data is received as here is my name and my mail id is \"a@x.com\"
Backslash is added behind double quotes.Now how to encode the the data before submitting.I am using php on the server side..
Thanks.
分享 this is magic_quotes_gpc kicking in - to remove it just disable it in php.ini or remove it using stripslashes($your_var);
though bear in mind that this is a (lousy) security feature of php, but when storing the data to a database you should use the respective escape functions to prevent sql injections anyway and when showing user-posted data your sanitizing function should prevent xss injections.
分享
