Jump to content


Photo

Prevent Variable Escaping


  • Please log in to reply
2 replies to this topic

#1 xstevey_bx

xstevey_bx
  • Members
  • PipPipPip
  • Advanced Member
  • 34 posts

Posted 22 September 2006 - 05:37 PM

I am trying to create a simple code generator where you enter details in a form and when you click submit the values you entered are writen into the code which changes it to your needs.

The problem is that I have a text box which you are able to write some html. However, whenever I call it in the code any of the " or 's in the code are changed to \" or ..'

<?php
$friendid = $_POST['friends_id'];
$title = $_POST['myspace_title'];
$sideimage = $_POST['url_to_image'];
$aboutme = $_POST['about_me_text'];
$codetext = htmlentities($aboutme);

echo "<textarea rows='5' name='S1' cols='62'>". $codetext ." </textarea>"; ?>

That is a simple version of the code im using with all the variables.

The link to the page is http://www.steveyb.c...side_corporate/

Is there anyway to have any html code typed into "about me" forum box, show up in the PHP without it being escaped?

thanks

#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 22 September 2006 - 05:40 PM

looms like you have magic quotes enabled whcih is why your quotes are being escaped. To stop it from the doing that you should turn magic quotes off by either edting the php.ini if your host allows it or you can do it via the htaccess file.

If you cannot edit the php.ini or use .htaccess files then you can use stripslashes function, which will remove the escape character from the quotes.

#3 xstevey_bx

xstevey_bx
  • Members
  • PipPipPip
  • Advanced Member
  • 34 posts

Posted 22 September 2006 - 06:32 PM

I used the function which you suggested and it worked perfectly thanks :) I just didnt know the terminology to use when searching the net becuase im new to php!

;D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users