[TYPO3-english] how to: properly escape strings in 4.5.30?
Calgacus map Brude
calgach at gmail.com
Thu Nov 21 18:21:10 CET 2013
I am trying to debug an issue (not my own code) with strings getting escaped and re-escaped repeatedly as the item is resaved.
The code uses mysql_real_escape_string but even though magic quotes are turned off the post variables are already quoted when my action is called and so the call to mysql_real_escape_string doubles up the quotes. and then every time the item is resaved more and more slashes pile up.
So I need to make sure the item is escaped (once) before going to the database but then un-escaped when displayed on the page.
My action begins like so:
public function adminAction() {
$prizes = $_POST['tx_bingoprizes_bingofrontend']['prize'];
//at this point my prize[] elements are already quoted, why?
foreach ($prizes as $key => $prize) {
foreach ($prize as $field => $value) {
// echo "Magic quotes is " . (get_magic_quotes_gpc() ? "ON" : "OFF");
// echo strip_tags($value) ;die;
// OFF gets printed
$cleanedValues[$field] = mysql_real_escape_string(strip_tags($value));
}
... more code
I am using typo3 v4.5.30 , is there a typo3 setting or possibly an extension api call made somewhere that calls does the escaping before my action code fires?
How can I make sure the strings get displayed properly and resaved properly?
Thanks!
More information about the TYPO3-english
mailing list