I have taken over a website that was written by someone else. The site was originally hosted with magic quotes off.
The site has been moved to a different host that has magic quotes enabled. This is shared hosting so it can't be turned off. I am now getting extra backslashes in front of double quotes.
The original coder has used real_escape_string and I can't work out how to use that with stripslashes().
This is the segment of code that is causing the problem:-
$mysqli = new mysqli($host,$user,$password,$db);
//get data from form
$bandName = $mysqli->real_escape_string($_POST['txtBandName']);
$bandDetails = $mysqli->real_escape_string($_POST['txtBandDetail']);
$bandLink = $mysqli->real_escape_string($_POST['txtBandLink']);
$bandPhoto = $mysqli->real_escape_string($_FILES['txtBandPhoto']['name']);
$bandVideo = $mysqli->real_escape_string($_POST['txtBandVideo']);
I get the impression that there is now a better method to do this, but I don't have time for a massive change of the code for the site, that will come later, I just want a 'quick and dirty' fix for now.
No comments:
Post a Comment