rarebit Posted August 30, 2008 Share Posted August 30, 2008 Hi, I write some config files for my site, I do this by outputting php and then just including it. Until now it's just been me using it, but now others are possible errors can appear. Basically I need to allow all types of quotes in strings from form text and textarea, and then preferably use without using any functions. For instance in the following example I want to be able to do it without having to 'stripslashes' at the print statements. <?php error_reporting(E_ALL); $filename = "config.php"; function file_write($fn, $s) { $fp = fopen($fn, "w"); fwrite($fp, $s); fclose($fp); return 0; } function prepare_file($ptitle, $ptagline) { $s = "<?php\n"; $s .= "\$title = '".$ptitle."';\n"; $s .= "\$tagline = '".$ptagline."';\n"; $s .= "?>\n"; return $s; } if(isset($_POST['UPDATE'])) { $ptitle = addslashes($_POST['title']); $ptagline = addslashes($_POST['tagline']); $s = prepare_file($ptitle, $ptagline); file_write($filename, $s); } include($filename); print stripslashes($title); print stripslashes($tagline); print "<br><br>"; print "<form method='POST' action=''><table>"; print "<tr valign='top'><td align='right'>Title:</td><td><input type='text' name='title' size='32' value='".htmlentities(stripslashes($title), ENT_QUOTES)."'></td></tr>"; print "<tr valign='top'><td align='right'>Tagline:</td><td><textarea name='tagline' rows='7' cols='32'>".htmlentities(stripslashes($tagline), ENT_QUOTES)."</textarea></td></tr>"; print "<tr valign='top'><td align='right'><br></td><td><input type='submit' name='UPDATE' value='Update'></td></tr>"; print "</table></form>"; ?> and the config file can look like this... <?php $title = '<h3>\'My\' \"Titles\"</h3>'; $tagline = '\"The\" \'taglines\''; ?> How can this be done please? Link to comment https://forums.phpfreaks.com/topic/121940-escaping-quotes/ Share on other sites More sharing options...
Ken2k7 Posted August 30, 2008 Share Posted August 30, 2008 Instead of adding slashes, do a str_replace. Double quotes can be represented as " and single quotes can be represented as '. So once the data is submitted, use str_replace: Example: $teh_textarea = str_replace(array("\"", "'"), array(""", "'") $teh_textarea_value); Does that help? Link to comment https://forums.phpfreaks.com/topic/121940-escaping-quotes/#findComment-629367 Share on other sites More sharing options...
rarebit Posted August 30, 2008 Author Share Posted August 30, 2008 I wondered along those lines but worried if users wanted to put codes in directly themselves and i'd be converting them out again. Hmmm actually I might see what you mean, i'll have a go... Cheers Link to comment https://forums.phpfreaks.com/topic/121940-escaping-quotes/#findComment-629379 Share on other sites More sharing options...
Ken2k7 Posted August 30, 2008 Share Posted August 30, 2008 I wondered along those lines but worried if users wanted to put codes in directly themselves and i'd be converting them out again. Hmmm actually I might see what you mean, i'll have a go... Cheers It should be fine as well. Link to comment https://forums.phpfreaks.com/topic/121940-escaping-quotes/#findComment-629391 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.