PHP - Form Fails When Double Forward Slashes Entered.

I have deleted mysql info for safety reasons.

Here are the two webpage's codes i'm using right now

menu.php
<?
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}

?>

<html><title>ChronoServe - Saving Time</title>
<link href="style.css" rel="stylesheet" type="text/css">
<body>
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="container">
  <tr>
    <td>
    <table width="335px" height="50%" border="1" align="center" cellpadding="0" cellspacing="0" class="centered">
      <tr>
        <td>
              <form method="post" action="insertvalues.php">
        <table width="100%" border="0" align="center" cellpadding="3" cellspacing="10">
      <tr>
        <td colspan="2"><div align="center" class="font2">Activation Information</div></td>
      </tr>
      <tr>
        <td colspan="2"></td>
      </tr>
      <tr>
        <td width="40%" class="font3">First Name :</td>
        <td width="60%">          <div align="center">
            <input name="firstname" type="text" class="font3" id="firstname" maxlength="25" />
            </div></td>
      </tr>
      <tr>
        <td class="font3">Last Name :</td>
        <td>          <div align="center">
            <input name="lastname" type="text" class="font3" id="lastname" maxlength="25" />
            </div></td>
      </tr>
      <tr>
        <td height="28" class="font3">Phone Number :</td>
        <td>          <div align="center">
            <input name="pnumber" type="text" class="font3" id="pnumber" maxlength="10" />
            </div></td>
      </tr>
      <tr>
        <td class="font3">Personnel Activated :</td>
        <td>          <div align="center">
            <input name="numberactivated" type="text" class="font3" id="numberactivated" maxlength="3" />
            </div></td>
      </tr>
      <tr>
        <td height="37" colspan="2"></td>
      </tr>
      <tr>
        <td colspan="2"><div align="center">
          <input name="submit" type="Submit" class="font3" value="Submit" />
        </div>
       </td>
      </tr>
    </table>
     </form></td>
      </tr>
    </table>
    </td>
  </tr>
</table>
</body>
</html>


insertvalues.php
<?php
if(isset($_POST['Submit']))
{
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$pnumber = $_POST['pnumber'];
$numberactivated = $_POST['numberactivated'];

mysql_connect ("deleted", "deleted", "deleted") or die ('Error: ' . mysql_error());
mysql_select_db ("deleted");

$query = "INSERT INTO disney_database (id, firstname, lastname, pnumber, numberactivated, date) VALUES ('NULL', '".$firstname."', '".$lastname."', '".$pnumber."', '".$numberactivated."', 'NULL')";

mysql_query($query) or die('Error updating database');
header("location:menu.php");
echo "Database Updated With: ".$firstname."" - "".$lastname."" - "".$pnumber."" - "".$numberactivated."";
}
else {
echo "Database Error"
{
?>

Here is my problem. I set a one <form> on every form field I have including the submit button. Now whenever I press the submit button it redirects to insertvalues.php which it should be doing. In insertvalues i told it to query the form data and post it into my database's table. Its not doing that and tells me that it has a database error which i set it to tell me if something goes wrong. Anyone can help me? BTW I can manually query in the information using sql with phpmyadmin.

so can someone please review my code for me? thanks big help!

You can see what is happening.
Visit www.chronoserve.com

The username and password are "admin"

This topic has been moved to HTML Help.

http://www.phpfreaks.com/forums/index.php?topic=316203.0

I'm building a php program that registers users onto a website. With the help of people from this thread http://www.phpfreaks.com/forums/index.php?topic=332260.15
I was able to accomplish the goal and now the signup works with conditions that check for a valid email, and if the password is strong enough.

T he program correctly displays the the problem when a user does NOT enter a valid email, or a strong enough password, but the user has to re-enter the email and password everytime.

I want to make it so that the fields remained populated with what the user entered previously, so he or she does not have to re-enter his or her email/password.

Here is the code (its really ghetto)

Code: [Select]
<?php

function check_email_address($email) {
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
         if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }    
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
                return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

define('DB_NAME', 'catch');
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_HOST', 'page.sqlserver.com');

// contact to database
$connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('Error , check your server connection.');
mysql_select_db(DB_NAME);
  
//Get data in local variable
$v_name=$_POST['name'];
$v_email=$_POST['email'];
$v_msg=$_POST['msg'];


 if ( check_email_address($_POST['name'])  == false) 
 
 
 {
   $query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
You must enter a valid email. <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}

if( $v_name == "" || $v_msg == "" )
// if name is empty or if pass is empty
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}

echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
You must enter an email and password. <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}

if( strcspn( $_REQUEST['msg'], '0123456789' ) == strlen( $_REQUEST['msg'] ) )
// the above statement says if pass does not contain a number
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must contain a number.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}


if( strlen($_POST['msg']) < 8 )
// the above statement says if pass is not 8 characters long
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must be at least 8 characters long.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}


if ( $_POST['msg'] == strtolower($_POST['msg']) )
// the above statement says if pass is all lowercase
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must have at least one capital letter.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}

if ( preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST['msg']) == $_POST['msg'] )
// the above statement says if pass contains no special characters
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must have at least one special character.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}
else 
echo <<<EOD
<B>GO FUCK YOURSELF</B>
EOD;
 ?>

Hi Guys,

I'm struggling with a submit form via ajax.

This is the code, but I've been looking for about 3 hours and cannot work out why it doesnt submit the form...

Any ideas?
 

<script type="application/javascript">
function addForm() {
    $.ajax({type:'POST', url: 'cart.php?ajax=1&a=add&domain=register', data:$('#add-form').serialize(), success: function(response) {
        $('#add-form').find('.form_result').html(response);
    }});

    return false;
}
function transferForm() {
    $.ajax({type:'POST', url: 'cart.php?ajax=1&a=add&domain=transfer', data:$('#transfer-form').serialize(), success: function(response) {
        $('#transfer-form').find('.form_result').html(response);
    }});

    return false;
}
</script> 

My code is mixed with smarty but the call is just a standard call

{foreach from=$availabilityresults key=num item=result}
{if $result.status eq "available"}
<form method="post" id="add-form"  onsubmit="return addForm();">
{else}
<form method="post" id="transfer-form"  onsubmit="return transferForm();">
{/if}
<table width="700" border="0" cellspacing="5" cellpadding="0">
    <input type="hidden" name="domain" value="{$result.domain}" />
    <tr style="border-bottom: #333 1px solid;">
    <td rowspan="2">{if $result.status eq "available"}<img src="templates/dj/yes.jpg" />{else}<img src="templates/dj/no.jpg" />{/if}</td>
    {if $result.status eq "available"}<td style="color:#339933;" />{$result.domain|replace:$domain:''}</td>{else}<td style="color:#cc0000;" />{$result.domain|replace:$domain:''}</td>{/if}
    <td rowspan="2">{$result.domain}</td>
    <td rowspan="2">{if $result.status eq "unavailable"}{else}
    <select name="domainsregperiod[{$result.domain}]">
    {foreach key=period item=regoption from=$result.regoptions}
    	<option value="{$period}">{$period} {$LANG.orderyears} @ {$regoption.register}</option>
    {/foreach}
    </select>
    {/if}</td>
    <td rowspan="2">{if $result.status eq "available"}
    <input type="image" src="templates/dj/add-basket.jpg" border="0" alt="Add to Basket" /><div class="form_result"> Added to Basket </div>
    {else}
    <input type="image" src="templates/dj/transfer.jpg" border="0" alt="Transfer to Us" />
    {/if}</td>
  </tr>
  <tr>
    <td>{if $result.status eq "available"}Available{else}Taken{/if}</td>
  </tr>
  <tr><td colspan="8" style="height:1px; background-color:#999;"></td></tr>
 
</table>
</form>
{/foreach}

Hello,

I have a contact form that is not working. It just keeps providing the failed delivery message specified in the contact. php file. Any help would be much appreciated.

Thanks,

Code: [Select]
<?php
$field_department = $_POST['cf_department'];
$field_message = $_POST['cf_message'];

$mail_to = 'blah@blah.com';
$subject = 'Website Feedback';

$body_message .= 'Addressed to: '.$field_department."\n";
$body_message .= 'Message: '.$field_message;

$mail_status = mail($mail_to, $subject, $body_message);

if ($mail_status) { ?>
<script language="javascript" type="text/javascript">
alert('Thank you for your feedback.');
window.location = 'contact.html';
</script>
<?php
}
else { ?>
<script language="javascript" type="text/javascript">
alert('Message failed. Please, send an email to blah@blah.com');
window.location = 'contact.html';
</script>
<?php
}
?>

------------------------------------------------

Code: [Select]
<form action="contact.php" method="post">
          <ol><li>
          </li><li>
            <label for="department">Addressed to:</label>
            <input type="text" name="cf_department" class="text" />
          </li><li>
            <label for="message">Your Message:</label>
            <textarea name="cf_message"rows="10" cols="50"></textarea>
          </li><li>
            <input type="submit" value="send" /><input type="reset" value="Clear"/>
            <div class="clr"></div>
          </li></ol>
          </form>

If I have a standard HTML form in my PHP script and the User submits the form - which resubmits to itself for processing - and then the User hits the "Back" button and then the "Forward" button, why does the Form and its data get re-submitted?!

What mechanics are exactly happening?

I had a "Submit Payment" page that was doing that and so people would get charged twice and that is obviously a big problem.

Please help me understand what causes that issue and different ways to fix it.

Thanks,


Debbie

I've got a BIG problem...

When a user submits my form it works fine, displays a "Transaction Success/Failed", and e-mails me a confirmation.

However, if the user then navigates to another page (e.g. "Home"), and then clicks their browser's "Back" button, my form gets re-submitted?!    

This is on a VPS, but I just chatted with server support and they are saying,

Quote

register_globals = Off


So what is going wrong?!



Debbie

Hi all

I have a field in mySQL table called dimensions. It has the double quote in in for inches - "

When I echo the result from the mySQL query on the item page (Customer facing) it's fine. However, I have built a form so that the administrator can edit the dimensions in the admin panel and when I echo it out in to the form field it stops when it gets to the double quotes?

Pete

Hello Everyone,
I've been working with XAMPP 1.7.3 and have a general question. I've always read (and been told) to use addslashes() for any MySQL input to protect the database. My PHP.ini file has magic quotes off and the system automatically produces a caret symbol "^" in front of every control character I upload to the database. I can't find anything in the PHP.ini file relating to the caret symbols and control characters, nor can I find anything in the My.ini file.

In testing, it the system behaves just as it would if I had magic quotes on, except that the system uses the carets instead of slashes. I have no problem removing the carets (and any slashes that a user might upload) but would like to know what is going on. I've done google searches on this and have only found content regarding regular expressions. Could someone clue me in? Thank in advance.
Cheers,
Rick

Hi:

Is this the proper way to remove slashes from apostrophes:
Code: [Select]
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{

$myTitle = mysql_real_escape_string(stripslashes($_POST['myTitle']));
$myDesc = mysql_real_escape_string(stripslashes($_POST['myDesc']));
$myHeader = mysql_real_escape_string(stripslashes($_POST['myHeader']));
$mySubHeader = mysql_real_escape_string(stripslashes($_POST['mySubHeader']));
$myPageData = mysql_real_escape_string(stripslashes($_POST['myPageData']));


It seems to work fine, I'd just like to clarify I'm not missing anything.

Thanks!

Hi All I Am confused

I would like to put info into a database but need it to be secure. I have some code shown below. The problem is I would like to put in ' but keep the data secure.
When it comes back I do not want to show \' I think you might know what I am trying to do.
Here is the code but would like to know how to stop the \' showing.
Code: [Select]
$password = mysql_real_escape_string(stripslashes(trim($_POST['password'])));
Any help would be great thank you.

Hi there i have this code:
Code: [Select]
$str = "<i><font color="800080"> man </font></i><p><font color="9898989"> hi </font></p><p><font color="1111111"> cheers </font></p>";
$pattern = '/<font .*?>(.*?)<\/font>/';
if(preg_match_all($pattern, addslashes($str), $posts)){
        $i=0;
for($i; $i < count($posts[0]); $i++){
            echo "content: " . $posts[0][$i] . "<br/>";
            echo "colour: " . $posts[1][$i] . "<br/>";
             echo "<br />";
           
           }
}
and it doesn't work apparently because of the addslashes but its really needed as double quotes needs to be escaped, consider that i'm applying this code to a larger html file with hundreds of double quotes to be escaped....

error msg i get is Parse error: syntax error, unexpected T_LNUMBER in
thanks in advance..

I have this page that keeps adding slashes (exponentially) to the $sql var that gets passed on through the hidden text area. I cannot figure out why it does this.

Any ideas are appreciated. Thank you.


<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/login.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/mysql.php';

if(!Login::loggedIn()) {
include $_SERVER['DOCUMENT_ROOT'] . '/include/uploads/pages/login.php';
} else {
function displayForm()
{
$sql     = 'SELECT * FROM `content` WHERE `contentCallid` = \'' . $_GET['page'] . '\'';
$con     = $GLOBALS['mysql']->connect();
$query   = mysql_query($sql, $con);
$content = mysql_fetch_array($query);

$content['breadcrumb']     = explode(',', $content['breadcrumb']);
$content['breadcrumbLink'] = explode(',', $content['breadcrumbLink']);
$breadcrumb = '';

for($i = 0; $i < count($content['breadcrumb']); $i++) {
if($i > 0)
$breadcrumb .= ',';
$breadcrumb .= $content['breadcrumbLink'][$i] . '::' . $content['breadcrumb'][$i];
}

if(empty($_POST['sql'])) {
$sql = 'INSERT INTO `contentVersions`
(`contentCallid` ,
`contentTitle` ,
`content` ,
`views` ,
`permissionNeeded` ,
`status` ,
`version` ,
`created` ,
`createdBy` ,
`lastEdit` ,
`lastEditBy` ,
`breadcrumb` ,
`breadcrumbLink` ,
`noBreadcrumb` ) 
VALUES (
\'' . ($content['contentCallid'])    . '\',
\'' . ($content['contentTitle'])     . '\',
\'' . ($content['content'])          . '\',
\'' . ($content['views'])            . '\',
\'' . ($content['permissionNeeded']) . '\',
\'' . ($content['status'])           . '\',
\'' . ($content['version'])          . '\',
\'' . ($content['created'])          . '\',
\'' . ($content['createdBy'])        . '\',
\'' . ($content['lastEdit'])         . '\',
\'' . ($content['lastEditBy'])       . '\',
\'' . ($content['breadcrumb'])       . '\',
\'' . ($content['breadcrumbLink'])   . '\',
\'' . ($content['noBreadcrumb'])     . '\');';
$sql = stripslashes($sql);
} else {
$sql = $_POST['sql'];
}
?>
<form id="loginForm" name="loginForm" method="post" action="index.php?p=editPage&page=<?= $_GET['page']; ?>&ref=editPage">
   <fieldset>
    <legend>Page Settings </legend>
<p>
      <label>Page Title: </label>
      <input name="title" style="width:450px;" id="title" value="<?= $content['contentTitle']; ?>" type="text" />
    </p>
<p>
      <label>Content ID: </label>
      <input name="callid" readonly="readonly" style="width:381px;" id="callid" value="<?= $content['contentCallid']; ?>" type="text" />
  &nbsp;
  <input name="suggestC" type="button" value="Suggest" onclick="suggestCallID('<?= $content['contentCallid']; ?>');" />
    </p>
<p>
      <label>Breadcrumb: </label>
      <input name="breadcrumb" style="width:381px;" id="breadcrumb" value="<?= $breadcrumb; ?>" type="text" />
  &nbsp;
  <input name="suggestBC" type="button" value="Suggest" onclick="suggestBreadcrumb();" /></p>
  </fieldset>
  <textarea name="editPageWYS" id="editPageWYS"><?= $content['content']; ?></textarea>
   <textarea style="visibility:hidden;" name="sql"><?= $sql; ?></textarea>
   <textarea style="visibility:hidden;" name="version"><?= $content['version']; ?></textarea>
   <textarea style="visibility:hidden;" name="contentid"><?= $content['contentid']; ?></textarea>
   <fieldset>
    <legend>Actions</legend>
<p>
  <input name="save" type="submit" value="Save" />
    </p>
  </fieldset>
</form>
<?php
}

if(!empty($_POST['save'])) {
if(empty($_POST['title']) || empty($_POST['callid'])) {
echo '<blockquote class="failure">Save not successful. You need to have both a title and content id. Please type in a title then click the "Suggest" button.</blockquote>';
displayForm();
} else {
$time = time();
$bc   = explode(',', $_POST['breadcrumb']);
$bcText = array();
$bcLink = array();

for($i = 0; $i < count($bc); $i++) {
$bc[$i]     = explode('::', $bc[$i]);
$bcLink[$i] = $bc[$i][0];
$bcText[$i] = $bc[$i][1];
}

$bcLink = implode(',', $bcLink);
$bcText = implode(',', $bcText);

$con   = $GLOBALS['mysql']->connect();
$query = mysql_query($_POST['sql'], $con);

echo $_POST['sql'];
if(!$query) {
echo '<blockquote class="failure">Warning: A MySQL error has occured while adding the backup to the database.<p>' . mysql_error() . '</p></blockquote>';
displayForm();
}

$sql = 'UPDATE  `content` SET
`content` = \'' . $_POST['editPageWYS'] . '\',
`breadcrumb` = \'' . $bcText . '\',
`breadcrumbLink` = \'' . $bcLink . '\',
`contentCallid` = \'' . $_POST['callid'] . '\',
`contentTitle` = \'' . $_POST['title'] . '\',
`version` = \'' . ($_POST['version'] + 1) . '\',
`lastEdit` = \'' . $time . '\',
`lastEditBy` = \'' . $_SESSION['username'] . '\'
WHERE `contentid` = ' . $_POST['contentid'] . ' LIMIT 1 ;';

$query = mysql_query($sql, $con);
if(!$query) {
echo '<blockquote class="failure">MySQL Error<p>' . mysql_error() . '</p></blockquote>';
displayForm();
} else {
echo '<blockquote>Page Successfully Edited<br /><br /><a href="index.php?p=' . $_POST['callid'] . '&ref=newPage">Click Here to View It</a></blockquote>';
}
}
} else {
displayForm();
}
}
?>

This is driving me nuts and I'm hoping someone can help me figure it out.  I have a site with PHP/MySQL.  I have a form where people can submit a comment.  This comment then goes into a MySQL database and gets displayed back on another page of the website.

NOTE:  I put this question in the PHP Forum because I think the problem is happening somewhere BEFORE the info gets entered into MySQL.  But of course, I could be wrong.

The problem is that some of the comments are coming in with a "\" in front of apostropes, but NOT ALL OF THEM (which is really confusing me).

For example, someone entered this comment which shows in the MySQL database exactly like this...

I predict Lena's gonna win a lifetime Grammy.  It's long overdue.

Someone else entered a comment which shows in the MySQL database exactly like this...

can\\\'t wait to see first pics of the next addition.  Congrats!

They both have apostrophes in them, but only that second one added those slashes (and 3 of them for some reason). 

There are more instances of this where some comments have the slashes before the apostrophe and some don't.  Anyone know what might be causing this seemingly random insertion of slashes?

Ok so I'm coding up a file tree for a script and I've got the system setup so that when a user clicks on a folder it adds that folder to the path. The path is stored in a variable, but I'd like to allow the user to be able to go down multiple directories at once. To do this I'm going to seperate each folder name in the path and link to it so as an example:

$path = './home/public_html/folder1/folder2';

how can I separate each of those so I can make a link to that folder so that:

/home goes to $path = './home/';
/public_html goes to $path = './home/public_html';
etc...
---
Basically just seperate the slashes into an array and seperate each of them off based on how far along it is but I don't know how to do that...