
Escaping strings problem


mark007


Hi all,

 

I have a webpage that I need to take large amounts of user text from (can be anything), which can be passed to my PHP script. This in turn is echoed to screen and will be later sent to another place, but the problem is, I cannot get around the way PHP treats \ and ' in my input string. Other than these characters, all is fine.

 

If a user enters the following string on the page, for example (yes, this is like the worst case scenario, but there is nothing to stop someone wanting some combination of backslashes or apostrophes):

 

\\\\"\\\\&\\\\'<\\\\>\\\\'\\\'\\'\'

 

then what is displayed is this:

 

echo $input_from_page;

 

\\"\\&\\'<\\>\\'\'\''

 

I know now that this is because of how backslashes and single quotes are handled in PHP. Has anyone got a nice way to escape this input string before it is used, to produce the correct output?

I have started with the following lines and played with some combinations of escaping; it's close but it's not correct.

 

$value=str_replace("'","\'",$value);

$value=str_replace("\\","\\\\",$value);

 


See, I don't want anything escaped or changed in my string; I want an exact copy of what was entered on the page to be printed or sent to another script.

It's just that PHP seems to be automatically removing some of the backslashes from my string on me. I can worry about HTML entities after I figure out how to stop PHP removing some characters on me.


Not quite. I am passing the string to a shell script and simply echoing directly to a file. Manually sending the string to the shell script writes the file perfectly, so I know it's not at fault.

 

Example string

 

\\\\"\\\\&\\\\'<\\\\>\\\\'\\\'\\'\'

 

vs. what my shell script sees after addslashes

 

\\\\\"\\\\&\\\\\'<\\\\>\\\\\'\\\'\\\'\'

 

It's adding more slashes than I would like, like slashes in front of double quotes, which aren't a problem; they are getting transferred fine.

 

Here is my code which might give a better idea of the simple thing I want.

 

 

 

// tried this line here
// $value=addslashes($value);
// but didn't work as too many slashes added that aren't in original, I just need the original string

$argument=escapeshellarg($value);

// quote the id as well so every argument reaches the script as a single literal word
$Shell_Command=$HOME."/scripts/write_to_file.sh " . escapeshellarg($values["id"]) . " " . $argument;
shell_exec($Shell_Command);

 

Maybe I can tell PHP to stop removing backslashes on me, and to treat the string I am giving it literally.
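
Added example, not part of the original posts: a POSIX shell sketch of the single-quote wrapping that escapeshellarg() applies on Unix, run over the thread's test string to check that it survives a `sh -c` command line byte for byte. The names `shell_quote` and `roundtrip`, the id `42`, and the inline stand-in for write_to_file.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: quote arbitrary text for a command line that /bin/sh
# will parse, then confirm the receiving script sees the same bytes.

# Constructed sample: the test string from the thread, read literally
# (read -r and a quoted here-doc delimiter leave backslashes untouched).
IFS= read -r sample <<'EOF'
\\\\"\\\\&\\\\'<\\\\>\\\\'\\\'\\'\'
EOF

# Wrap $1 in single quotes; each embedded ' becomes '\'' (close quote,
# escaped quote, reopen). Nothing else is special inside single quotes,
# so backslashes, ", &, < and > need no further escaping.
shell_quote() (
    s=$1 out=
    while :; do
        case $s in
            *\'*) head=${s%%\'*}; s=${s#*\'}; out="$out$head'\\''" ;;
            *)    out="$out$s"; break ;;
        esac
    done
    printf "'%s'" "$out"
)

# Build one command string from (id, text) and hand it to sh -c.
# The inner script is a hypothetical stand-in for write_to_file.sh: it
# emits its second argument with printf '%s' rather than echo, because
# echo's handling of backslashes differs between shells (dash expands
# escape sequences, bash by default does not).
roundtrip() {
    cmd="sh -c 'printf %s \"\$2\"' write_to_file $(shell_quote "$1") $(shell_quote "$2")"
    sh -c "$cmd"
}

# Stand-alone check: the text comes back unchanged.
if [ "$(roundtrip 42 "$sample")" = "$sample" ]; then
    echo "byte-exact round trip"
fi
```
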
