Jump to content

PHP Adding Slashes Without Instruction


maxudaskin

Recommended Posts

I have this page that keeps adding slashes (exponentially) to the $sql var that gets passed on through the hidden text area. I cannot figure out why it does this.

 

Any ideas are appreciated. Thank you.

 

 

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/login.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/mysql.php';

if(!Login::loggedIn()) {
include $_SERVER['DOCUMENT_ROOT'] . '/include/uploads/pages/login.php';
} else {
function displayForm()
{
	$sql     = 'SELECT * FROM `content` WHERE `contentCallid` = \'' . $_GET['page'] . '\'';
	$con     = $GLOBALS['mysql']->connect();
	$query   = mysql_query($sql, $con);
	$content = mysql_fetch_array($query);

	$content['breadcrumb']     = explode(',', $content['breadcrumb']);
	$content['breadcrumbLink'] = explode(',', $content['breadcrumbLink']);
	$breadcrumb = '';

	for($i = 0; $i < count($content['breadcrumb']); $i++) {
		if($i > 0)
			$breadcrumb .= ',';
		$breadcrumb .= $content['breadcrumbLink'][$i] . '::' . $content['breadcrumb'][$i];
	}

	if(empty($_POST['sql'])) {
		$sql = 'INSERT INTO `contentVersions`
					(`contentCallid` ,
					`contentTitle` ,
					`content` ,
					`views` ,
					`permissionNeeded` ,
					`status` ,
					`version` ,
					`created` ,
					`createdBy` ,
					`lastEdit` ,
					`lastEditBy` ,
					`breadcrumb` ,
					`breadcrumbLink` ,
					`noBreadcrumb` ) 
				VALUES (
					\'' . ($content['contentCallid'])    . '\',
					\'' . ($content['contentTitle'])     . '\',
					\'' . ($content['content'])          . '\',
					\'' . ($content['views'])            . '\',
					\'' . ($content['permissionNeeded']) . '\',
					\'' . ($content['status'])           . '\',
					\'' . ($content['version'])          . '\',
					\'' . ($content['created'])          . '\',
					\'' . ($content['createdBy'])        . '\',
					\'' . ($content['lastEdit'])         . '\',
					\'' . ($content['lastEditBy'])       . '\',
					\'' . ($content['breadcrumb'])       . '\',
					\'' . ($content['breadcrumbLink'])   . '\',
					\'' . ($content['noBreadcrumb'])     . '\');';
		$sql = stripslashes($sql);
	} else {
		$sql = $_POST['sql'];
	}
?>
<form id="loginForm" name="loginForm" method="post" action="index.php?p=editPage&page=<?= $_GET['page']; ?>&ref=editPage">
   <fieldset>
    <legend>Page Settings </legend>
<p>
      <label>Page Title: </label>
      <input name="title" style="width:450px;" id="title" value="<?= $content['contentTitle']; ?>" type="text" />
    </p>
<p>
      <label>Content ID: </label>
      <input name="callid" readonly="readonly" style="width:381px;" id="callid" value="<?= $content['contentCallid']; ?>" type="text" />
   
  <input name="suggestC" type="button" value="Suggest" onclick="suggestCallID('<?= $content['contentCallid']; ?>');" />
    </p>
<p>
      <label>Breadcrumb: </label>
      <input name="breadcrumb" style="width:381px;" id="breadcrumb" value="<?= $breadcrumb; ?>" type="text" />
   
  <input name="suggestBC" type="button" value="Suggest" onclick="suggestBreadcrumb();" /></p>
  </fieldset>
  <textarea name="editPageWYS" id="editPageWYS"><?= $content['content']; ?></textarea>
   <textarea style="visibility:hidden;" name="sql"><?= $sql; ?></textarea>
   <textarea style="visibility:hidden;" name="version"><?= $content['version']; ?></textarea>
   <textarea style="visibility:hidden;" name="contentid"><?= $content['contentid']; ?></textarea>
   <fieldset>
    <legend>Actions</legend>
<p>
  <input name="save" type="submit" value="Save" />
    </p>
  </fieldset>
</form>
<?php
}

if(!empty($_POST['save'])) {
	if(empty($_POST['title']) || empty($_POST['callid'])) {
		echo '<blockquote class="failure">Save not successful. You need to have both a title and content id. Please type in a title then click the "Suggest" button.</blockquote>';
		displayForm();
	} else {
		$time = time();
		$bc   = explode(',', $_POST['breadcrumb']);
		$bcText = array();
		$bcLink = array();

		for($i = 0; $i < count($bc); $i++) {
			$bc[$i]     = explode('::', $bc[$i]);
			$bcLink[$i] = $bc[$i][0];
			$bcText[$i] = $bc[$i][1];
		}

		$bcLink = implode(',', $bcLink);
		$bcText = implode(',', $bcText);

		$con   = $GLOBALS['mysql']->connect();
		$query = mysql_query($_POST['sql'], $con);

		echo $_POST['sql'];
		if(!$query) {
			echo '<blockquote class="failure">Warning: A MySQL error has occured while adding the backup to the database.<p>' . mysql_error() . '</p></blockquote>';
			displayForm();
		}

		$sql = 'UPDATE 	`content` SET
						`content` = \'' . $_POST['editPageWYS'] . '\',
						`breadcrumb` = \'' . $bcText . '\',
						`breadcrumbLink` = \'' . $bcLink . '\',
						`contentCallid` = \'' . $_POST['callid'] . '\',
						`contentTitle` = \'' . $_POST['title'] . '\',
						`version` = \'' . ($_POST['version'] + 1) . '\',
						`lastEdit` = \'' . $time . '\',
						`lastEditBy` = \'' . $_SESSION['username'] . '\'
				WHERE `contentid` = ' . $_POST['contentid'] . ' LIMIT 1 ;';

		$query = mysql_query($sql, $con);
		if(!$query) {
			echo '<blockquote class="failure">MySQL Error<p>' . mysql_error() . '</p></blockquote>';
			displayForm();
		} else {
			echo '<blockquote>Page Successfully Edited<br /><br /><a href="index.php?p=' . $_POST['callid'] . '&ref=newPage">Click Here to View It</a></blockquote>';
		}
	}
} else {
	displayForm();
}
}
?>

 

Link to comment
https://forums.phpfreaks.com/topic/226521-php-adding-slashes-without-instruction/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.