[TYPO3-english] how to: properly escape strings in 4.5.30?

Calgacus map Brude calgach at gmail.com
Thu Nov 21 18:21:10 CET 2013


I am trying to debug an issue (not my own code) with strings getting escaped and re-escaped repeatedly as the item is resaved.

The code uses mysql_real_escape_string, but even though magic quotes are turned off, the post variables are already quoted when my action is called, so the call to mysql_real_escape_string doubles up the quotes, and then every time the item is resaved more and more slashes pile up.

So I need to make sure the item is escaped (once) before going to the database but then un-escaped when displayed on the page.

My action begins like so:

    public function adminAction() {
        $prizes = $_POST['tx_bingoprizes_bingofrontend']['prize'];
        // at this point my prize[] elements are already quoted, why?
        foreach ($prizes as $key => $prize) {
            foreach ($prize as $field => $value) {
                // echo "Magic quotes is " . (get_magic_quotes_gpc() ? "ON" : "OFF");
                // echo strip_tags($value) ;die;
                // OFF gets printed
                $cleanedValues[$field] = mysql_real_escape_string(strip_tags($value));
            }
... more code

I am using TYPO3 v4.5.30. Is there a TYPO3 setting, or possibly an extension API call made somewhere, that does the escaping before my action code fires?

How can I make sure the strings get displayed properly and resaved properly?

Thanks!
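
An added example (not part of the original post and not TYPO3 code) that reproduces the slash pile-up described above and contrasts it with undoing the upstream layer once and storing through a bound parameter. It assumes the POST values arrive with one layer of slashes already applied, as the post reports; simulateUpstream(), the prize table and the in-memory SQLite database are hypothetical stand-ins, and addslashes() stands in for mysql_real_escape_string().

```php
<?php
// Added example. Assumption: every POST value reaches the action with one
// layer of slashes already applied upstream, as the post reports.
function simulateUpstream($value) {          // hypothetical stand-in for that layer
    return addslashes($value);
}

// Pattern from the post: escape the already-slashed value again.
// addslashes() stands in for mysql_real_escape_string(), which needs a live
// MySQL link; for this sample input both add the same backslashes.
function resaveBroken($typed, $saves) {
    $stored = $typed;
    for ($i = 0; $i < $saves; $i++) {
        $posted  = simulateUpstream($stored);   // form redisplays $stored, user resubmits
        $literal = addslashes($posted);         // second layer added in the action
        $stored  = stripslashes($literal);      // SQL literal parsing removes only one layer
    }
    return $stored;
}

// Alternative: undo the upstream layer once, keep plain text in the database
// via a bound parameter, and escape for HTML only at output time.
function resaveFixed(PDO $pdo, $typed, $saves) {
    $pdo->exec('CREATE TABLE prize (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO prize (id, title) VALUES (1, '')");
    $stored = $typed;
    for ($i = 0; $i < $saves; $i++) {
        $plain = stripslashes(simulateUpstream($stored));   // exactly one layer removed
        $stmt  = $pdo->prepare('UPDATE prize SET title = :title WHERE id = 1');
        $stmt->execute(array(':title' => $plain));          // no manual SQL escaping
        $stored = $pdo->query('SELECT title FROM prize WHERE id = 1')->fetchColumn();
    }
    return $stored;
}

$typed = 'Bob\'s "big" prize';                  // constructed sample input
echo resaveBroken($typed, 1), "\n";             // one extra layer of slashes is stored
echo resaveBroken($typed, 3), "\n";             // the layers compound on every resave

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$clean = resaveFixed($pdo, $typed, 3);
echo $clean, "\n";                              // stored text matches what was typed
echo htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'), "\n";   // form used for page output
```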


