Jump to content


Photo

Avoiding \ before ' or "


  • Please log in to reply
11 replies to this topic

#1 JabsBlog

JabsBlog
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 04 July 2006 - 11:36 PM

On this page I have info that is submitted to a DB and it also ouputs information to a file.

When I view the file that was created... The section where it states You are replying to $name... will display a \ before the ' or "

I have tryed to use the stripslashes and that works for the information that is pulled from the Database. However the var that I am calling is not from the Database ... it is from the previous form, and does not seem to be working in the file that was created.

I am not sure what to put in my file that is created .. so when I display $name it will not have a \ before the quotes.

<?
include("../db.php");

$url = $_POST['url'];
$name = $_POST['name'];
$reason = $_POST['reason'];
$blog_id = $_POST['blog_id'];
$childpage = "$blog_id.php";
$handle = fopen("../../articles/$childpage", 'x+');
$htmlpage = "<html>
<head>
<title>BlogLink :: Democratic Blogging</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"../../styles/index.css\" />
<script language=\"JavaScript\" type=\"text/javascript\">
<!--
function submit ( selectedtype )
{
  document.childsubmit.child_id.value = selectedtype ;
  document.childsubmit.submit() ;
}
-->
</script>
</head>
<body>
<?php 
include(\"../db.php\");

mysql_connect(localhost,\$username,\$password);
@mysql_select_db(\$database) or die( \"Unable to select database\");
\$query = \"SELECT * FROM child_post WHERE child_id=$blog_id ORDER by id DESC\";
\$result = mysql_query(\$query);
\$num = mysql_numrows(\$result);

mysql_close();
?><div id=\"wrapper\">
<div id=\"ad\">
<a href=\"../index.php\"><img src=\"../../images/header.jpg\" alt=\"BlogLink\" border=\"0\"/></a>
<br /><img src=\"../images/addemo.jpg\"/></div>
<div id=\"addto\">
<ul id=\"navlist1\">
<li>Get the feed:</li>
<li id=\"active1\"><a href=\"http://feeds.my.aol.com/add.jsp?url=http%3A//www.bloglink.com/rss.xml\" id=\"current1\">MyAOL</a></li>
<li><a href=\"http://fusion.google.com/add?feedurl=http://www.bloglink.com/rss.xml\">Google</a></li>
<li><a href=\"http://add.my.yahoo.com/rss?url=http://www.bloglink.com/rss.xml\">Yahoo</a></li>
<li><a href=\"http://www.bloglines.com/sub/http://www.bloglink.com/rss.xml\">Bloglines</a></li>
<li><a href=\"http://www.bloglink.com/rss.xml\"><img src=\"images/xml.gif\" alt=\"xml\" border=\"0\" /></a></li>
</ul>
</div>
<div id=\"navcontainer\">
<ul id=\"navlist\">
<li id=\"active\">
<li><a href=\"../index.php\">Home</a></li>
<li><a href=\"../submit.php\">Submit Story</a></li>
<!-- When it's done <li><a href=\"categories.html\">Categories</a></li> -->
<li><a href=\"../faq.html\">FAQ</a></li>
<li><a href=\"../about.html\">About</a></li>
<li><a href=\"../contact.php\">Contact Us</a></li>
</ul>
</div>
<div id=\"content\">

<?php 
\$name = stripslashes(\$name);
\$reason = stripslashes(\$reason);
\$i=0;
while (\$i < \$num) {
\$url = mysql_result(\$result,\$i,\"url\");
\$name = mysql_result(\$result,\$i,\"name\");
\$reason = mysql_result(\$result,\$i,\"reason\");
?>

<div id=\"parent\"><a href=\"<? echo \$url; ?>\"><? echo \$name; ?></a></div>
<div id=\"snippet\"><?php echo \$reason; ?></div>
<a href=\"aim:goim?message=<? echo \$url; ?>\"><img src=\"images/offline.gif\" alt=\"IM this article\" border=\"0\" /></a>
<br /><br />
<?php \$i++;
}
?>
<!-- Submit fields -->
<hr />
<strong>You are replying to: $name</strong>
<form action=\"../scripts/childAdd.php\" method=\"post\">
<table border=\"0\" cellpadding=\"5\">
<tr>
<td align=\"right\"><strong>Your Article URL:</strong></td>
<td><input type=\"text\" name=\"url\" size=\"70\" /></td>
</tr>
<tr>
<td align=\"right\"><strong>Your Article Name:</strong></td>
<td><input type=\"text\" name=\"name\" size=\"70\" /></td>
</tr>
<tr>
<td align=\"right\"><strong>Your Summary:</strong></td>
<td><textarea name=\"reason\" rows=\"3\" cols=\"70\"></textarea></td>
</tr>
<tr>
<td></td>
<td align=\"right\"><input type=\"submit\" value=\"Submit Article\" /></td>
</tr>
</table>
<input type=\"hidden\" value=\"$blog_id\" name=\"child_id\" />
</form>
<p class=\"copyright\">Copyright 2006 &copy; BlogLink</p>
</div>
</div>
</body>
</html>";

fwrite ($handle, $htmlpage);
fclose;

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO approved VALUES ('','$blog_id','$url','$name','$reason')";
mysql_query($query);

mysql_close();
header("Location: ../../index.php");
die;
?>


#2 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 04 July 2006 - 11:56 PM

This code should be throwing errors all over the place, you have backslashes everywhere.

example...
mysql_connect(localhost,\$username,\$password);
Why are there backslashes before $username and $password?

#3 JabsBlog

JabsBlog
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 05 July 2006 - 12:02 AM

This code should be throwing errors all over the place, you have backslashes everywhere.

example...

mysql_connect(localhost,\$username,\$password);
Why are there backslashes before $username and $password?


Everything after the fopen is not pharsed.. it is all written to a file.

I am writing this information to a file .. using the \ before the $ will allow the file to create the $var .. if I didn't put the \ before the $ .. it would just display var.



So the output file looks like this ..

<html>
<head>
<title>BlogLink :: Democratic Blogging</title>
<link rel="stylesheet" type="text/css" href="../../styles/index.css" />
<script language="JavaScript" type="text/javascript">
<!--
function submit ( selectedtype )
{
  document.childsubmit.child_id.value = selectedtype ;
  document.childsubmit.submit() ;
}
-->
</script>
</head>
<body>
<?php 
include("../db.php");

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "SELECT * FROM child_post WHERE child_id=2118124293 ORDER by id DESC";
$result = mysql_query($query);
$num = mysql_numrows($result);

mysql_close();
?><div id="wrapper">
<div id="ad">
<a href="../index.php"><img src="../../images/header.jpg" alt="BlogLink" border="0"/></a>
<br /><img src="../images/addemo.jpg"/></div>
<div id="addto">
<ul id="navlist1">
<li>Get the feed:</li>
<li id="active1"><a href="http://feeds.my.aol.com/add.jsp?url=http%3A//www.bloglink.com/rss.xml" id="current1">MyAOL</a></li>
<li><a href="http://fusion.google.com/add?feedurl=http://www.bloglink.com/rss.xml">Google</a></li>
<li><a href="http://add.my.yahoo.com/rss?url=http://www.bloglink.com/rss.xml">Yahoo</a></li>
<li><a href="http://www.bloglines.com/sub/http://www.bloglink.com/rss.xml">Bloglines</a></li>
<li><a href="http://www.bloglink.com/rss.xml"><img src="images/xml.gif" alt="xml" border="0" /></a></li>
</ul>
</div>
<div id="navcontainer">
<ul id="navlist">
<li id="active">
<li><a href="../index.php">Home</a></li>
<li><a href="../submit.php">Submit Story</a></li>
<!-- When it's done <li><a href="categories.html">Categories</a></li> -->
<li><a href="../faq.html">FAQ</a></li>
<li><a href="../about.html">About</a></li>
<li><a href="../contact.php">Contact Us</a></li>
</ul>
</div>
<div id="content">

<?php $i=0;
while ($i < $num) {
$url = mysql_result($result,$i,"url");
$name = mysql_result($result,$i,"name");
$reason = mysql_result($result,$i,"reason");

$name = stripslashes($name);
$reason = stripslashes($reason);

?>

<div id="parent"><a href="<? echo $url; ?>"><? echo $name; ?></a></div>
<div id="snippet"><?php echo $reason; ?></div>
<a href="aim:goim?message=<? echo $url; ?>"><img src="images/offline.gif" alt="IM this article" border="0" /></a>
<br /><br />
<?php $i++;
}
?>
<!-- Submit fields -->
<hr />
<strong>You are replying to: Test 1 with a\'in between and also \"around\" and with-a-hyphen 4</strong>
<form action="../scripts/childAdd.php" method="post">
<table border="0" cellpadding="5">
<tr>
<td align="right"><strong>Your Article URL:</strong></td>
<td><input type="text" name="url" size="70" /></td>
</tr>
<tr>
<td align="right"><strong>Your Article Name:</strong></td>
<td><input type="text" name="name" size="70" /></td>
</tr>
<tr>
<td align="right"><strong>Your Summary:</strong></td>
<td><textarea name="reason" rows="3" cols="70"></textarea></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="submit" value="Submit Article" /></td>
</tr>
</table>
<input type="hidden" value="2118124293" name="child_id" />
</form>
<p class="copyright">Copyright 2006 &copy; BlogLink</p>
</div>
</div>
</body>
</html>


#4 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 05 July 2006 - 12:11 AM

Now I see what your doing, though the why eludes me.

You have quite a few spots in the file where you need to escape double quotes. eg;
include("../db.php\");
should be...
include(\"../db.php\");
And
$url = mysql_result($result,$i,"url\");
needs to be...
$url = mysql_result($result,$i,\"url\");
Im sure there is more, but you get the point.

#5 JabsBlog

JabsBlog
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 05 July 2006 - 03:44 AM

Now I see what your doing, though the why eludes me.

You have quite a few spots in the file where you need to escape double quotes. eg;

include("../db.php\");
should be...
include(\"../db.php\");
And
$url = mysql_result($result,$i,"url\");
needs to be...
$url = mysql_result($result,$i,\"url\");
Im sure there is more, but you get the point.


humm I dont think that is i rechecked my code an im not missing any \

<?
include("../db.php");

$url = $_POST['url'];
$name = $_POST['name'];
$reason = $_POST['reason'];
$blog_id = $_POST['blog_id'];
$childpage = "$blog_id.php";
$handle = fopen("../../articles/$childpage", 'x+');
$htmlpage = "<html>
<head>
<title>BlogLink :: Democratic Blogging</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"../../styles/index.css\" />
<script language=\"JavaScript\" type=\"text/javascript\">
<!--
function submit ( selectedtype )
{
  document.childsubmit.child_id.value = selectedtype ;
  document.childsubmit.submit() ;
}
-->
</script>
</head>
<body>
<?php 
include(\"../db.php\");

mysql_connect(localhost,\$username,\$password);
@mysql_select_db(\$database) or die( \"Unable to select database\");
\$query = \"SELECT * FROM child_post WHERE child_id=$blog_id ORDER by id DESC\";
\$result = mysql_query(\$query);
\$num = mysql_numrows(\$result);

mysql_close();
?><div id=\"wrapper\">
<div id=\"ad\">
<a href=\"../index.php\"><img src=\"../../images/header.jpg\" alt=\"BlogLink\" border=\"0\"/></a>
<br /><img src=\"../images/addemo.jpg\"/></div>
<div id=\"addto\">
<ul id=\"navlist1\">
<li>Get the feed:</li>
<li id=\"active1\"><a href=\"http://feeds.my.aol.com/add.jsp?url=http%3A//www.bloglink.com/rss.xml\" id=\"current1\">MyAOL</a></li>
<li><a href=\"http://fusion.google.com/add?feedurl=http://www.bloglink.com/rss.xml\">Google</a></li>
<li><a href=\"http://add.my.yahoo.com/rss?url=http://www.bloglink.com/rss.xml\">Yahoo</a></li>
<li><a href=\"http://www.bloglines.com/sub/http://www.bloglink.com/rss.xml\">Bloglines</a></li>
<li><a href=\"http://www.bloglink.com/rss.xml\"><img src=\"images/xml.gif\" alt=\"xml\" border=\"0\" /></a></li>
</ul>
</div>
<div id=\"navcontainer\">
<ul id=\"navlist\">
<li id=\"active\">
<li><a href=\"../index.php\">Home</a></li>
<li><a href=\"../submit.php\">Submit Story</a></li>
<!-- When it's done <li><a href=\"categories.html\">Categories</a></li> -->
<li><a href=\"../faq.html\">FAQ</a></li>
<li><a href=\"../about.html\">About</a></li>
<li><a href=\"../contact.php\">Contact Us</a></li>
</ul>
</div>
<div id=\"content\">

<?php 
\$name = stripslashes(\$name);
\$reason = stripslashes(\$reason);
\$i=0;
while (\$i < \$num) {
\$url = mysql_result(\$result,\$i,\"url\");
\$name = mysql_result(\$result,\$i,\"name\");
\$reason = mysql_result(\$result,\$i,\"reason\");
?>

<div id=\"parent\"><a href=\"<? echo \$url; ?>\"><? echo \$name; ?></a></div>
<div id=\"snippet\"><?php echo \$reason; ?></div>
<a href=\"aim:goim?message=<? echo \$url; ?>\"><img src=\"images/offline.gif\" alt=\"IM this article\" border=\"0\" /></a>
<br /><br />
<?php \$i++;
}
?>
<!-- Submit fields -->
<hr />
<strong>You are replying to: $name</strong>
<form action=\"../scripts/childAdd.php\" method=\"post\">
<table border=\"0\" cellpadding=\"5\">
<tr>
<td align=\"right\"><strong>Your Article URL:</strong></td>
<td><input type=\"text\" name=\"url\" size=\"70\" /></td>
</tr>
<tr>
<td align=\"right\"><strong>Your Article Name:</strong></td>
<td><input type=\"text\" name=\"name\" size=\"70\" /></td>
</tr>
<tr>
<td align=\"right\"><strong>Your Summary:</strong></td>
<td><textarea name=\"reason\" rows=\"3\" cols=\"70\"></textarea></td>
</tr>
<tr>
<td></td>
<td align=\"right\"><input type=\"submit\" value=\"Submit Article\" /></td>
</tr>
</table>
<input type=\"hidden\" value=\"$blog_id\" name=\"child_id\" />
</form>
<p class=\"copyright\">Copyright 2006 &copy; BlogLink</p>
</div>
</div>
</body>
</html>";

fwrite ($handle, $htmlpage);
fclose;

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO approved VALUES ('','$blog_id','$url','$name','$reason')";
mysql_query($query);

mysql_close();
header("Location: ../../index.php");
die;
?>



#6 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 05 July 2006 - 04:14 AM

Then.. can you explain why the last " in this line has a backslash but not the first?

include("../db.php\");


#7 JabsBlog

JabsBlog
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 05 July 2006 - 04:25 AM

Then.. can you explain why the last " in this line has a backslash but not the first?

include("../db.php\");


Thats weird .. when I post it here it is there .. but for some reason its not there after I submit .. If I do a preview it disappears. too .. Trust me I have trippled checked it and I am not missing any  \ in the code.

I don't know but for reasons unknown the code changes after I submit it here .. so I have the code on my site .. you can viewit here ..

http://test.imanass....ogLink/code.txt




#8 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 05 July 2006 - 04:27 AM

You are also missing some backslashes infront of some $.

Why don't you run your code, and then try to run the resulting file. The errors in your resulting file will show you where you have errors in the generating script.

If I were writing this code, I would replace the long string with escaped characters all over with the following:
<?php
$tmp = array();
$tmp[] = '<html>';
$tmp[] = '<head>';
$tmp[] = '<title>BlogLink :: Democratic Blogging</title>';
$tmp[] = '<link rel="stylesheet" type="text/css" href="../../styles/index.css" />';
$tmp[] = '<script language="JavaScript" type="text/javascript">';
$tmp[] = '<!--';
$tmp[] = 'function submit ( selectedtype )';
$tmp[] = '{';
$tmp[] = '  document.childsubmit.child_id.value = selectedtype ;';
$tmp[] = '  document.childsubmit.submit() ;';
$tmp[] = '}';
$tmp[] = '-->';
$tmp[] = '</script>';
$tmp[] = '</head>';
$tmp[] = '<body>';
$tmp[] = '<?php';
$tmp[] = 'include("../db.php");';
$tmp[] = '';
$tmp[] = 'mysql_connect(localhost,$username,$password);';
$tmp[] = '@mysql_select_db($database) or die( "Unable to select database");';
$tmp[] = '$query = "SELECT * FROM child_post WHERE child_id=$blog_id ORDER by id DESC";';
$tmp[] = '$result = mysql_query($query);';
$tmp[] = '$num = mysql_numrows($result);';
$tmp[] = '';
$tmp[] = 'mysql_close();';
$tmp[] = '?><div id="wrapper">';
$tmp[] = '<div id="ad">';
$tmp[] = '<a href="../index.php"><img src="../../images/header.jpg" alt="BlogLink" border="0"/></a>';
$tmp[] = '<br /><img src="../images/addemo.jpg"/></div>';
$tmp[] = '<div id="addto">';
$tmp[] = '<ul id="navlist1">';
$tmp[] = '<li>Get the feed:</li>';
$tmp[] = '<li id="active1"><a href="http://feeds.my.aol.com/add.jsp?url=http%3A//www.bloglink.com/rss.xml" id="current1">MyAOL</a></li>';
$tmp[] = '<li><a href="http://fusion.google.com/add?feedurl=http://www.bloglink.com/rss.xml">Google</a></li>';
$tmp[] = '<li><a href="http://add.my.yahoo.com/rss?url=http://www.bloglink.com/rss.xml">Yahoo</a></li>';
$tmp[] = '<li><a href="http://www.bloglines.com/sub/http://www.bloglink.com/rss.xml">Bloglines</a></li>';
$tmp[] = '<li><a href="http://www.bloglink.com/rss.xml"><img src="images/xml.gif" alt="xml" border="0" /></a></li>';
$tmp[] = '</ul>';
$tmp[] = '</div>';
$tmp[] = '<div id="navcontainer">';
$tmp[] = '<ul id="navlist">';
$tmp[] = '<li id="active">';
$tmp[] = '<li><a href="../index.php">Home</a></li>';
$tmp[] = '<li><a href="../submit.php">Submit Story</a></li>';
$tmp[] = '<!-- When it\'s done <li><a href="categories.html">Categories</a></li> -->'; // only line with an escaped character
$tmp[] = '<li><a href="../faq.html">FAQ</a></li>';
$tmp[] = '<li><a href="../about.html">About</a></li>';
$tmp[] = '<li><a href="../contact.php">Contact Us</a></li>';
$tmp[] = '</ul>';
$tmp[] = '</div>';
$tmp[] = '<div id="content">';
$tmp[] = '';
$tmp[] = '<?php ';
$tmp[] = '$name = stripslashes($name);';
$tmp[] = '$reason = stripslashes($reason);';
$tmp[] = '$i=0;';
$tmp[] = 'while ($i < $num) {';
$tmp[] = '$url = mysql_result($result,$i,"url");';
$tmp[] = '$name = mysql_result($result,$i,"name");';
$tmp[] = '$reason = mysql_result($result,$i,"reason");';
$tmp[] = '?>';
$tmp[] = '';
$tmp[] = '<div id="parent"><a href="<? echo $url; ?>"><? echo $name; ?></a></div>';
$tmp[] = '<div id="snippet"><?php echo $reason; ?></div>';
$tmp[] = '<a href="aim:goim?message=<? echo $url; ?>"><img src="images/offline.gif" alt="IM this article" border="0" /></a>';
$tmp[] = '<br /><br />';
$tmp[] = '<?php $i++;';
$tmp[] = '}';
$tmp[] = '?>';
$tmp[] = '<!-- Submit fields -->';
$tmp[] = '<hr />';
$tmp[] = '<strong>You are replying to: $name</strong>';
$tmp[] = '<form action="../scripts/childAdd.php" method="post">';
$tmp[] = '<table border="0" cellpadding="5">';
$tmp[] = '<tr>';
$tmp[] = '<td align="right"><strong>Your Article URL:</strong></td>';
$tmp[] = '<td><input type="text" name="url" size="70" /></td>';
$tmp[] = '</tr>';
$tmp[] = '<tr>';
$tmp[] = '<td align="right"><strong>Your Article Name:</strong></td>';
$tmp[] = '<td><input type="text" name="name" size="70" /></td>';
$tmp[] = '</tr>';
$tmp[] = '<tr>';
$tmp[] = '<td align="right"><strong>Your Summary:</strong></td>';
$tmp[] = '<td><textarea name="reason" rows="3" cols="70"></textarea></td>';
$tmp[] = '</tr>';
$tmp[] = '<tr>';
$tmp[] = '<td></td>';
$tmp[] = '<td align="right"><input type="submit" value="Submit Article" /></td>';
$tmp[] = '</tr>';
$tmp[] = '</table>';
$tmp[] = '<input type="hidden" value="$blog_id" name="child_id" />';
$tmp[] = '</form>';
$tmp[] = '<p class="copyright">Copyright 2006 &copy; BlogLink</p>';
$tmp[] = '</div>';
$tmp[] = '</div>';
$tmp[] = '</body>';
$tmp[] = '</html>';

fwrite ($handle, implode("\n",$tmp)."\n");
?>

You'll notice that I am eclosing all strings with single quotes. That prevents PHP from expanding $variables and eliminates the need to escape double quotes and $.

I put all of the strings into an array. I then use the implode() function to put line break characters between each line when writing the lines to the file.

Ken

#9 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 05 July 2006 - 04:31 AM

Must be the php highlighting toying with it then.

When I view the file that was created... The section where it states You are replying to $name...  will display a \ before the ' or "

Which ' or " are you talking about?

Can you paste the actual file created? Put it in [ code ] [ / code ] brackets.

Also... I have to ask. Why exactly are you doing this? It jsut doesn't make allot of sense to me?

#10 JabsBlog

JabsBlog
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 05 July 2006 - 04:58 AM

Must be the php highlighting toying with it then.

When I view the file that was created... The section where it states You are replying to $name...  will display a \ before the ' or "

Which ' or " are you talking about?

Can you paste the actual file created? Put it in [ code ] [ / code ] brackets.

Also... I have to ask. Why exactly are you doing this? It jsut doesn't make allot of sense to me?


I am new to php and am working on a project to have the ability to submit a Link .. and once that link is submitted it goes to the admin to be Approved, check for a junk post, .. Once approved the form will submit to the engine above that writes the info to a db, and at the same time  creates a 'child' page that will allow people to post a child post to the partent post.

Im sure I have gone about this the long way .. but like I said Im new to PHP and don't know very much. This is just the vision we saw and I have been trying to do whateve I can to write the code.

Here is the file that is created after 'approved' by the admin which runs through the engine above.

<html>
<head>
<title>BlogLink :: Democratic Blogging</title>
<link rel="stylesheet" type="text/css" href="../../styles/index.css" />
<script language="JavaScript" type="text/javascript">
<!--
function submit ( selectedtype )
{
  document.childsubmit.child_id.value = selectedtype ;
  document.childsubmit.submit() ;
}
-->
</script>
</head>
<body>
<?php 
include("../db.php");

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "SELECT * FROM child_post WHERE child_id=868120921 ORDER by id DESC";
$result = mysql_query($query);
$num = mysql_numrows($result);

mysql_close();
?><div id="wrapper">
<div id="ad">
<a href="../index.php"><img src="../../images/header.jpg" alt="BlogLink" border="0"/></a>
<br /><img src="../images/addemo.jpg"/></div>
<div id="addto">
<ul id="navlist1">
<li>Get the feed:</li>
<li id="active1"><a href="http://feeds.my.aol.com/add.jsp?url=http://www.bloglink.com/rss.xml" id="current1">MyAOL</a></li>
<li><a href="http://fusion.google.com/add?feedurl=http://www.bloglink.com/rss.xml">Google</a></li>
<li><a href="http://add.my.yahoo.com/rss?url=http://www.bloglink.com/rss.xml">Yahoo</a></li>
<li><a href="http://www.bloglines.com/sub/http://www.bloglink.com/rss.xml">Bloglines</a></li>
<li><a href="http://www.bloglink.com/rss.xml"><img src="images/xml.gif" alt="xml" border="0" /></a></li>
</ul>
</div>
<div id="navcontainer">
<ul id="navlist">
<li id="active">
<li><a href="../index.php">Home</a></li>
<li><a href="../submit.php">Submit Story</a></li>
<!-- When it's done <li><a href="categories.html">Categories</a></li> -->
<li><a href="../faq.html">FAQ</a></li>
<li><a href="../about.html">About</a></li>
<li><a href="../contact.php">Contact Us</a></li>
</ul>
</div>
<div id="content">

<?php 
$name = stripslashes($name);
$reason = stripslashes($reason);
$i=0;
while ($i < $num) {
$url = mysql_result($result,$i,"url");
$name = mysql_result($result,$i,"name");
$reason = mysql_result($result,$i,"reason");
?>

<div id="parent"><a href="<? echo $url; ?>"><? echo $name; ?></a></div>
<div id="snippet"><?php echo $reason; ?></div>
<a href="aim:goim?message=<? echo $url; ?>"><img src="images/offline.gif" alt="IM this article" border="0" /></a>
<br /><br />
<?php $i++;
}
?>
<!-- Submit fields -->
<hr />
<strong>You are replying to: Test 1 with a\'in between and also \"around\" and with-a-hyphen</strong>
<form action="../scripts/childAdd.php" method="post">
<table border="0" cellpadding="5">
<tr>
<td align="right"><strong>Your Article URL:</strong></td>
<td><input type="text" name="url" size="70" /></td>
</tr>
<tr>
<td align="right"><strong>Your Article Name:</strong></td>
<td><input type="text" name="name" size="70" /></td>
</tr>
<tr>
<td align="right"><strong>Your Summary:</strong></td>
<td><textarea name="reason" rows="3" cols="70"></textarea></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="submit" value="Submit Article" /></td>
</tr>
</table>
<input type="hidden" value="868120921" name="child_id" />
</form>
<p class="copyright">Copyright 2006 &copy; BlogLink</p>
</div>
</div>
</body>
</html>


As you can see in this line .. <strong>You are replying to: Test 1 with a\'in between and also \"around\" and with-a-hyphen</strong>

it is putting in a \ before a ' and before a "

#11 JabsBlog

JabsBlog
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 05 July 2006 - 05:09 AM

You are also missing some backslashes infront of some $.

Why don't you run your code, and then try to run the resulting file. The errors in your resulting file will show you where you have errors in the generating script.

If I were writing this code, I would replace the long string with escaped characters all over with the following:


I implemented this code .. thank you for taking time to write it .. I have 2 issues with it however..

1. $tmp[] = '$query = "SELECT * FROM child_post WHERE child_id=$blog_id ORDER by id DESC";'; < - On this line where is says child_id=$blog_id .. the blog_id needs to be implemented here .. instead in the file that is created it just says child_id=$blog_id .. instead of child_id=(  the ID that was brought over from the previous form ) 

2. $tmp[] = '<strong>You are replying to: $name</strong>'; < -- On this line .. it states You are replying to: $name .. on the page that is created it says that same phrase .. Its not getting the $name variable from the previous form. Like it was before but it just was including a \ before ' and before "

#12 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 05 July 2006 - 05:23 AM

I am new to php and am working on a project to have the ability to submit a Link .. and once that link is submitted it goes to the admin to be Approved, check for a junk post, .. Once approved the form will submit to the engine above that writes the info to a db, and at the same time  creates a 'child' page that will allow people to post a child post to the partent post.

Honestly... you have gone about this completely the wrong way. Do you think this forum creates a new php page for each new thread? A simple solution is to keep only what is required in the database, make one php file to display specific data when it is called upon.

Im not sure... I cant write an entire tutorial here, but I can tell you the way your going about it is completely overcomplicated and unnescesary. Maybe find a tutorial on a simple blog system and work from there.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users