Baffled by PHP escaping of double-quotes in HTML forms

Posted by rjray on Stack Overflow See other posts from Stack Overflow or by rjray
Published on 2010-05-04T06:50:20Z Indexed on 2010/05/04 6:58 UTC
Read the original article Hit count: 212

Filed under:

I have a simple PHP script I use to front-end an SQLite database. It's nothing fancy or complex. But I have noticed from looking at the records in the database that anything I enter in a form-field with double-quotes comes across in the form-processing as though I'd escaped the quotes with a backslash. So when I entered a record with the title:

British Light Utility Car 10HP "Tilly"

what shows up in the database is:

British Light Utility Car 10HP \"Tilly\"

I don't know where these are coming from, and what's worse, even using the following preg_replace doesn't seem to remove them:

$name = preg_replace('/\\"/', '"', $_REQUEST['kits_name']);

If I dump out $name, it still bears the unwanted \ characters.

© Stack Overflow or respective owner

Related posts about php