stripslashes and mysql_escape_string not removing all slashes
Question
I am having a issue with stripslashes. I cannot get my Javascript code to json_decode because i believe the slashes are intruding.
here is what i have:
$str = stripslashes ($_POST['setImage']);
$setImage = mysql_escape_string($str);
if(json_decode($str) == NULL)
{
echo("not valid json!");
}else{
$imageUrls = json_decode($setImage);
}
grabbing info from here:
<img src="<?php echo $photo['picurl']; ?>" onclick='javascript: setCoverForSet(
{"photo_id": "<?php echo $photo['photo_id']; ?>",
"original": "<?php echo $photo['piclink']; ?>",
"thumbnail": "<?php echo $photo['picurl']; ?>"});'/>
<input type="text" value='{"photo_id": <?php echo $photo['photo_id']; ?>, "original": <?php echo $photo['piclink']; ?>, "thumbnail": <?php echo $photo['picurl']; ?>}' name="photos[]" />
here is what it is outputting when i print
{\"photo_id\": \"2\", \"original\": \"content/employees/1/1363556600bsmiles.jpg\", \"thumbnail\": \"content/employees/thumbs/1/thumb_1363556600bsmiles.jpg\"}
the quotes have to be in the input or it will not work right.
thanks for your help.
Updated 7:58 EST 03/22
I am eventually sending it to a table in the database.
here is the whole statement:
$str = stripslashes ($_POST['setImage']);
$setImage = mysql_escape_string($str);
if(json_decode($str) == NULL)
{
echo("not valid json!");
}else{
$imageUrls = json_decode($setImage);
}
$photos = mysql_escape_string($_POST[photos]);
$piclink = print $imageUrls->{'thumbnail'};
$piclurl = print $imageUrls->{'original'};
$title = mysql_escape_string($_POST[title]);
$firstname = mysql_escape_string($_POST[firstname]);
$lastname = mysql_escape_string($_POST[lastname]);
$todaysdate = date("Y-m-d");
mysql_query("UPDATE staff SET title = '".$title."', staff_firstname = '".$firstname."',
staff_lastname = '".$lastname."',
piclink = '".$piclink."',
picurl = '".$picurl."',
last_update = '".$todaysdate."' WHERE staff_id = $EID") or die(mysql_error());
The only thing that I can think of is that the extra slashes are interfering with the json_decode. I only put the echo statement in so that i could see what was being passed after the post.
I did try to stripslashes while doing the mysql_escape_string like this:
$setImage = mysql_escape_string(stripslashes ($_POST['setImage']));
But gave the same result.
2 answers
solution1
0 ACCPTED 2013-03-23 14:22:20
I figured this out in case anyone is interested.
I got rid of the mysql_escape_string and that eliminated the slashes. still used the strip slashes though.
I also deleted the print statement from the decode area. Now all is working and it evters the string into the database where it is supposed to be.
Here is the new code:
$setImage = stripslashes ($_POST['setImage']);
if(json_decode($setImage) == NULL)
{
echo("not valid json!");
}else{
$imageUrls = json_decode($setImage);
}
$photos = mysql_escape_string($_POST[photos]);
$piclink = $imageUrls->{'thumbnail'};
$picurl = $imageUrls->{'original'};
$title = mysql_escape_string($_POST[title]);
$firstname = mysql_escape_string($_POST[firstname]);
$lastname = mysql_escape_string($_POST[lastname]);
$todaysdate = date("Y-m-d");
mysql_query("UPDATE staff SET title = '".$title."', staff_firstname = '".$firstname."',
staff_lastname = '".$lastname."',
piclink = '".$piclink."',
picurl = '".$picurl."',
last_update = '".$todaysdate."' WHERE staff_id = $EID") or die(mysql_error());
echo "<b><font color='#999999'> Staff edit succeeded</font></b><br />";
solution2
-1 2013-03-22 21:18:22
It is more efficient for you to simple use regex and remove all the symbols you do not require,
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.