PHP can't strip slashes when trying to echo mysql escaped data to XML using DOMDocument

Question

I inserted in database some HTML text after escaping them using mysql_real_escape_string, and I am trying to add them to XML document to be read by flash file, I am using DOMDocument class to make the XML document, here's my tries and outputs: try 1:

$descC = $doc->createCDATASection(stripslashes($sql['body']));
$desc = $doc->createElement('desc');
$desc->appendChild($descC);

output:

A lot of slashes !

try 2:

$desc = $doc->createElement('desc',htmlentities(stripslashes($sql['body'])));

output:

Also alot of slashes

Any ideas ?

Answer 1

It comes from the database, It has slashes because I escaped it before inserting

your data shouldn't have extraneous slashes when it comes out of the database; what is added when escaping the data shouldn't be visible in the final result, no stripslashes() should be necessary any more.

You most likely have a problem in the way you prepare your data for the database. Maybe show us that.

Answer 2

I think magic quotes are enabled in your configuration.

you must check it before escaping vai mysql_real_escape_string() as it will add more slashes.

if(get_magic_quotes_gpc()){

$b = stripslashes($b);

}

$b = mysql_real_escape_string($b);