php and quotation marks

[castaban]

Sorry guys, I program very little with php, I just moved my php script here from a different site. I collect user comments in that script and whenever a user types a " or ' it is escaped like \" or \'. It was not happening in my other site. How can I stop this?. Part of my script:
$filename = 'guest1.html';
$somecontent = $_POST['Comment'];

$somecontent will contain \'s..

[xadrieth]

use:

stripslashes();

there is also "addslashes();" if you need to do the oposite.

[descalzo]

Free hosting here has what is call ' magic quotes ' enabled. Many places have it disabled.

So input from forms have slashes added.

As mentioned, if $input contains your input,

$input = stripslashes( $input ) ;

should get it back to what the user put in.

[marshian]

Make sure that you check the input if you wish to do such a thing! htmlentities and strip_slashes are very useful!
Pay attention to code injections.

[xav0989]

If you plan in saving the data in SQL, use functions such as mysql_escape_string() & family to protect your application.

[castaban]

Thanks guys, very helpful...
Output is written to a flatfile, so I don't worry about SQLinjection

[xav0989]

Just keep it in mind if you ever plan to move to a database!

[misson]

If content from the flat file is ever going to be displayed in an application that parses HTML, you'll need something like the filter functions to prevent HTML injection/XSS.

[fretwizz]

If content from the flat file is ever going to be displayed in an application that parses HTML, you'll need something like the filter functions to prevent HTML injection/XSS.

HTML injection?

[castaban]

Now you are worrying me... Flatfile is formatted to be displayed in the browser of course. Format is like this:
<ul><li>
<B>Comment: </B> User comment entered here via textarea <BR>
</ul>

Are you saying somebody can infect my page using the textarea? If so help appreciated how to prevent that...