[SOLVED] Escape Code Problems with " and '

[kalm1234]

Hello all.  I've been trying to learn PHP for a a good while now.  I have made a few projects and have run into a small problem.  Not really a critical problem, but can be slightly annoying.

 

Scenario:  A user fills out a form with "Here's a question for you" somewhere in the form and submits it.  They are redirected to a new page where the input is assigned a variable and the variable is manipulated and written to a file.  On another page, the file is read and the data in it is shown on the page using the echo command.

 

Here's the output on that page:  "Here\'s a question for you".

 

I am not sure why it is showing the "\" before the '.  It also does this in the same manner to ".  Does anyone know why this could be happening?  I am fairly certain it is not a typo as I have rewritten this code several times.  Here's a snippet from the page that is responsible for printing the output:

 

$fw = fopen($pagedata, 'w');

fwrite($fw, $data."<table width=70% valign=top align=center bgcolor=\"white\"

border=3><tr><td><b>".$_SESSION['username']."</b><br><hr>".$post."</td></tr></table><p>'");

fclose($fw);

 

(sorry if it's a little messy)

 

thanks for any help guys =)

[cags]

I'm not certain, but its probably todo with magic_quotes_gpc. To check what the value is either use phpinfo() or manually check your php.ini file. To fix it you could simply turn this setting off. If you don't wish (or are unable) todo this then calling stripslashes on the value you take from the $_POST array, should strip them out before storing to the file. This is of course assuming the slashes are their if you check the file.

[PFMaBiSmAd]

Is the \ present in the file when you open it directly using a programming editor?

 

If the \ is in the file, the problem is because of magic_quotes_gpc being on (the \ was added when the form was submitted.) If the \ is not in the file, the problem is because of magic_quotes_runtime being on (the \ was added when the file was read.)

 

In either case, the best solution is to turn off all the magic_quotes_xxxxx settings if you can (they have been completely removed in php6 due to the problems they cause.) magic_quotes_gpc can only be turned off in the master php.ini. magic_quotes_runtime can be turned off any way you want (from the master php.ini all the way down to a command in your script.)

 

If the issue is due to magic_quotes_gpc and you don't have the ability to turn the setting off, you will need to test if it is on in your code (see get_magic_quotes_gpc) and use stripslashes on the data if the setting is on in order to remove the \.

[kalm1234]

It worked.

 

I turned magic_quotes_gpc off in the PHP.ini file and restarted my server.  The slashes were no longer in the output.

 

Thanks a lot guys. =)