jamkelvl Posted January 4, 2010 Share Posted January 4, 2010 Okay I will try to explain this and make it seem as easy as possible. I have a bit of code that opens a file and displays it in a text box. From there, users can edit the text that appears in the text box. The data is then captured in a variable, and re-written to the file. The problem I am having is when the text is re-written it adds slashes wrapping around all double qutoes. For example: <link href="style.css" rel="stylesheet" type="text/css" /> Will become: <link href=\"style.css\" rel=\"stylesheet\" type=\"text/css\" /> I'm sure there is a pretty simple fix.. here is my code: // Check if edit source is on or off if ($sourceStatus == 1) { echo ('<h3>Edit Page Source: '.$title.'</h3>'); // Open file $file = fopen("../".$page.".php","r+") or exit("Unable to open file!"); echo '<p><form action="edit.php?page='.$page.'&source=edit" method="post">'; echo '<input type="hidden" name="updateSource" value="true" />'; echo '<p><textarea rows="20" name="sourceCode" cols="75" id="sourceCode">'; //Output a line of the file until the end is reached while(!feof($file)) { echo fgets($file); } // close file fclose ($file); echo '</textarea></p>'; echo '<button type="submit">Update Page</button>'; echo "<button type="."button"." onclick="."location.href='delete.php?delete=".$page."'".">Delete Page</button>"; echo '</form>'; // if updated re-write file if ($updateSource == true) { // Capture data $sourceCode = $_POST['sourceCode']; // write to the file $file = fopen("../".$page.".php","w+") or exit("Unable to open file!"); fwrite ($file, $sourceCode); fclose ($file); echo "<meta http-equiv='refresh' content='0;URL=edit.php?page=$page'>"; } I am sure there is a pretty simple fix, I remember dealing with stuff like this in programming class in school but not 100%. Any help would be greatly appreciated! Thanks! Quote Link to comment Share on other sites More sharing options...
monkeypaw201 Posted January 4, 2010 Share Posted January 4, 2010 I encountered a similar dilemma a while back and fixed it with a bandaid; Just do a str_replace() right before inserting. I'm sure there is a better way, but it works. // Check if edit source is on or off if ($sourceStatus == 1) { echo ('<h3>Edit Page Source: '.$title.'</h3>'); // Open file $file = fopen("../".$page.".php","r+") or exit("Unable to open file!"); echo '<p><form action="edit.php?page='.$page.'&source=edit" method="post">'; echo '<input type="hidden" name="updateSource" value="true" />'; echo '<p><textarea rows="20" name="sourceCode" cols="75" id="sourceCode">'; //Output a line of the file until the end is reached while(!feof($file)) { echo fgets($file); } // close file fclose ($file); echo '</textarea></p>'; echo '<button type="submit">Update Page</button>'; echo "<button type="."button"." onclick="."location.href='delete.php?delete=".$page."'".">Delete Page</button>"; echo '</form>'; // if updated re-write file if ($updateSource == true) { // Capture data $sourceCode = str_replace("\\","",$_POST['sourceCode']); // write to the file $file = fopen("../".$page.".php","w+") or exit("Unable to open file!"); fwrite ($file, $sourceCode); fclose ($file); echo "<meta http-equiv='refresh' content='0;URL=edit.php?page=$page'>"; } Quote Link to comment Share on other sites More sharing options...
gizmola Posted January 4, 2010 Share Posted January 4, 2010 Sounds like you have magic quotes GPC turned on. Here's the page about it. It sucks, it's deprecated, and scheduled to be removed. Turn it off on your server. Instructions and more information are included here: http://php.net/manual/en/security.magicquotes.php Quote Link to comment Share on other sites More sharing options...
jamkelvl Posted January 4, 2010 Author Share Posted January 4, 2010 I encountered a similar dilemma a while back and fixed it with a bandaid; Just do a str_replace() right before inserting. I'm sure there is a better way, but it works. // Check if edit source is on or off if ($sourceStatus == 1) { echo ('<h3>Edit Page Source: '.$title.'</h3>'); // Open file $file = fopen("../".$page.".php","r+") or exit("Unable to open file!"); echo '<p><form action="edit.php?page='.$page.'&source=edit" method="post">'; echo '<input type="hidden" name="updateSource" value="true" />'; echo '<p><textarea rows="20" name="sourceCode" cols="75" id="sourceCode">'; //Output a line of the file until the end is reached while(!feof($file)) { echo fgets($file); } // close file fclose ($file); echo '</textarea></p>'; echo '<button type="submit">Update Page</button>'; echo "<button type="."button"." onclick="."location.href='delete.php?delete=".$page."'".">Delete Page</button>"; echo '</form>'; // if updated re-write file if ($updateSource == true) { // Capture data $sourceCode = str_replace("\\","",$_POST['sourceCode']); // write to the file $file = fopen("../".$page.".php","w+") or exit("Unable to open file!"); fwrite ($file, $sourceCode); fclose ($file); echo "<meta http-equiv='refresh' content='0;URL=edit.php?page=$page'>"; } Thanks! Great solution for now, might be a bit slow in the long run but will do! Quote Link to comment Share on other sites More sharing options...
gizmola Posted January 4, 2010 Share Posted January 4, 2010 It's actually a really bad solution, and one that you will find very problematic depending on the content in your pages. How about confronting the source of your problems -- why is magic_quotes_gpc turned on, when it has been off by default for many years now? Are you able to turn it off on your server? If so, why don't you do that rather than looking for bandaids that can easily turn your data into garbage? Quote Link to comment Share on other sites More sharing options...
Catfish Posted January 4, 2010 Share Posted January 4, 2010 if you do use the bandaid, you might want to make it replace occurences of 'slash double quote' (\") with nothing instead of replacing all slashes with nothing. Probably use stripslashes() or something. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.