maxudaskin Posted February 3, 2011 Share Posted February 3, 2011 I have this page that keeps adding slashes (exponentially) to the $sql var that gets passed on through the hidden text area. I cannot figure out why it does this. Any ideas are appreciated. Thank you. <?php include_once $_SERVER['DOCUMENT_ROOT'] . '/include/login.php'; include_once $_SERVER['DOCUMENT_ROOT'] . '/include/mysql.php'; if(!Login::loggedIn()) { include $_SERVER['DOCUMENT_ROOT'] . '/include/uploads/pages/login.php'; } else { function displayForm() { $sql = 'SELECT * FROM `content` WHERE `contentCallid` = \'' . $_GET['page'] . '\''; $con = $GLOBALS['mysql']->connect(); $query = mysql_query($sql, $con); $content = mysql_fetch_array($query); $content['breadcrumb'] = explode(',', $content['breadcrumb']); $content['breadcrumbLink'] = explode(',', $content['breadcrumbLink']); $breadcrumb = ''; for($i = 0; $i < count($content['breadcrumb']); $i++) { if($i > 0) $breadcrumb .= ','; $breadcrumb .= $content['breadcrumbLink'][$i] . '::' . $content['breadcrumb'][$i]; } if(empty($_POST['sql'])) { $sql = 'INSERT INTO `contentVersions` (`contentCallid` , `contentTitle` , `content` , `views` , `permissionNeeded` , `status` , `version` , `created` , `createdBy` , `lastEdit` , `lastEditBy` , `breadcrumb` , `breadcrumbLink` , `noBreadcrumb` ) VALUES ( \'' . ($content['contentCallid']) . '\', \'' . ($content['contentTitle']) . '\', \'' . ($content['content']) . '\', \'' . ($content['views']) . '\', \'' . ($content['permissionNeeded']) . '\', \'' . ($content['status']) . '\', \'' . ($content['version']) . '\', \'' . ($content['created']) . '\', \'' . ($content['createdBy']) . '\', \'' . ($content['lastEdit']) . '\', \'' . ($content['lastEditBy']) . '\', \'' . ($content['breadcrumb']) . '\', \'' . ($content['breadcrumbLink']) . '\', \'' . ($content['noBreadcrumb']) . '\');'; $sql = stripslashes($sql); } else { $sql = $_POST['sql']; } ?> <form id="loginForm" name="loginForm" method="post" action="index.php?p=editPage&page=<?= $_GET['page']; ?>&ref=editPage"> <fieldset> <legend>Page Settings </legend> <p> <label>Page Title: </label> <input name="title" style="width:450px;" id="title" value="<?= $content['contentTitle']; ?>" type="text" /> </p> <p> <label>Content ID: </label> <input name="callid" readonly="readonly" style="width:381px;" id="callid" value="<?= $content['contentCallid']; ?>" type="text" /> <input name="suggestC" type="button" value="Suggest" onclick="suggestCallID('<?= $content['contentCallid']; ?>');" /> </p> <p> <label>Breadcrumb: </label> <input name="breadcrumb" style="width:381px;" id="breadcrumb" value="<?= $breadcrumb; ?>" type="text" /> <input name="suggestBC" type="button" value="Suggest" onclick="suggestBreadcrumb();" /></p> </fieldset> <textarea name="editPageWYS" id="editPageWYS"><?= $content['content']; ?></textarea> <textarea style="visibility:hidden;" name="sql"><?= $sql; ?></textarea> <textarea style="visibility:hidden;" name="version"><?= $content['version']; ?></textarea> <textarea style="visibility:hidden;" name="contentid"><?= $content['contentid']; ?></textarea> <fieldset> <legend>Actions</legend> <p> <input name="save" type="submit" value="Save" /> </p> </fieldset> </form> <?php } if(!empty($_POST['save'])) { if(empty($_POST['title']) || empty($_POST['callid'])) { echo '<blockquote class="failure">Save not successful. You need to have both a title and content id. Please type in a title then click the "Suggest" button.</blockquote>'; displayForm(); } else { $time = time(); $bc = explode(',', $_POST['breadcrumb']); $bcText = array(); $bcLink = array(); for($i = 0; $i < count($bc); $i++) { $bc[$i] = explode('::', $bc[$i]); $bcLink[$i] = $bc[$i][0]; $bcText[$i] = $bc[$i][1]; } $bcLink = implode(',', $bcLink); $bcText = implode(',', $bcText); $con = $GLOBALS['mysql']->connect(); $query = mysql_query($_POST['sql'], $con); echo $_POST['sql']; if(!$query) { echo '<blockquote class="failure">Warning: A MySQL error has occured while adding the backup to the database.<p>' . mysql_error() . '</p></blockquote>'; displayForm(); } $sql = 'UPDATE `content` SET `content` = \'' . $_POST['editPageWYS'] . '\', `breadcrumb` = \'' . $bcText . '\', `breadcrumbLink` = \'' . $bcLink . '\', `contentCallid` = \'' . $_POST['callid'] . '\', `contentTitle` = \'' . $_POST['title'] . '\', `version` = \'' . ($_POST['version'] + 1) . '\', `lastEdit` = \'' . $time . '\', `lastEditBy` = \'' . $_SESSION['username'] . '\' WHERE `contentid` = ' . $_POST['contentid'] . ' LIMIT 1 ;'; $query = mysql_query($sql, $con); if(!$query) { echo '<blockquote class="failure">MySQL Error<p>' . mysql_error() . '</p></blockquote>'; displayForm(); } else { echo '<blockquote>Page Successfully Edited<br /><br /><a href="index.php?p=' . $_POST['callid'] . '&ref=newPage">Click Here to View It</a></blockquote>'; } } } else { displayForm(); } } ?> Link to comment https://forums.phpfreaks.com/topic/226521-php-adding-slashes-without-instruction/ Share on other sites More sharing options...
trq Posted February 3, 2011 Share Posted February 3, 2011 Your server must have magic_quotes enabled. You should disable this if you have acess, otherwise, you'll need to use stripslashes. Link to comment https://forums.phpfreaks.com/topic/226521-php-adding-slashes-without-instruction/#findComment-1169172 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.