Jump to content

Recommended Posts

Hi all,

 

I have a webpage that I need to take large amounts of user text from (can be anything), which can be passed to my php script. This in turn is echoed to screen and will be later sent to another place, but the problem is, I cannot get around the way php treats \ and ' in my input string. Other than these characters, all is fine.

 

If a user enters the following string on the page for example (yes, this is like the worst case scenario, but nothing to stop someone wanting some combination of backslashes or apostrophes)

 

\\\\"\\\\&\\\\'<\\\\>\\\\'\\\'\\'\'

 

then what is displayed is this

 

echo $input_from_page;

 

\\"\\&\\'<\\>\\'\'\''

 

I know now that this is because of how backslashes and single quotes are handled in php. Has anyone got a nice way to escape this input string before it is used to produce the correct output.

 

I have started with the following lines and played with some combinations of escaping, its close but its not correct.

 

$value=str_replace("'","\'",$value);

$value=str_replace("\\","\\\\",$value);

 

Link to comment
https://forums.phpfreaks.com/topic/135177-escaping-strings-problem/
Share on other sites

see i don't want anything escaped or changed in my string, i want an exact copy of what was entered on the page to be printed or sent to another script.

 

Its just that php seems to be automatically removing some of the backslashes from my string on me. I can worry about html entities after I figure out how to stop php removing some characters on me.

Not quite. I am passing the string to a shell script and simply echoing directly to a file. Manually sending the string to the shell script writes the file perfectly so I know its not at fault.

 

Example string

 

\\\\"\\\\&\\\\'<\\\\>\\\\'\\\'\\'\'

 

vs what my shell script sees after addslashes

 

\\\\\"\\\\&\\\\\'<\\\\>\\\\\'\\\'\\\'\'

 

Its adding more slashes than I would like, like slashes infront of double quotes which arn't a problem, they are getting trasferred fine.

 

Here is my code which might give a better idea of the simple thing I want.

 

 

 

// tried this line here
// $value=addslashes($value);
// but didn't work as too many slashes added that arn't in original, I just need the original string

$argument=escapeshellarg($value);

$Shell_Command=$HOME."/scripts/write_to_file.sh " . $values["id"] . " " . $argument;
shell_exec($Shell_Command);

 

maybe I can tell php to stop removing backslashes on me, and to treat the string I am giving it literally.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.