[SOLVED] Storing php tags in database

[calabiyau]

This is kind of hard to explain and it might seem like a strange thing to try to do, but I am making a content management system.  I have a text area in the admin panel and use javascript to drop various tags into the text area.  When finished  I click save and it is saved in the database as whatever page.  I want to make this system expandable for making different scripts which I will upload into an extensions directory.  So in the admin, I read the contents of the directory and output them as select options so I may insert an include code into the text area, that is generated using javascript and the value of the select.  The code is as below:

 

function insertExt(myField,myValue) 
{



mynewvalue ="<?php include('extensions/" + myValue + "');?>";
//IE support
if (document.selection) {
myField.focus();
sel = document.selection.createRange();



sel.text = mynewvalue;
}
//MOZILLA/NETSCAPE support
else if (myField.selectionStart || myField.selectionStart == '0') {
var startPos = myField.selectionStart;
var endPos = myField.selectionEnd;
myField.value = myField.value.substring(0, startPos)
+ mynewvalue
+ myField.value.substring(endPos, myField.value.length);
} else {
myField.value += mynewvalue;
}
}

 

And the part from the admin section

 

echo '<form name="imgupload" action="'.$current_url.'" method="post">';
echo '<a href="#" onclick="insertExt(document.softarea.softstring,document.imgupload.extensions.value);"><span class="menu">Insert Extension</span></a>';



echo '<select name="extensions">';

$dir = "extensions";
$dh = opendir($dir) or die ("could not open dir");
while ( !(($file = readdir($dh)) === false) )
{
echo '<option value="'.$file.'">'.$file.'</option>';

}

echo '</select><br/><br/>';

echo '<form name="softarea" action="'.$current_url.'" method="post">';

echo '<textarea name="softstring" rows="20" cols="48"></textarea>';

echo '<input type="hidden" name="flag" value="1a"/>';

		echo '<select name="new_page">';

		include('../connections.php');
		$query = "SELECT * FROM pages WHERE status='0'";
		$results_id = mysql_query($query, $connect);
		while ($row = mysql_fetch_array ($results_id))
			{
			echo '<option value="'.$row['url'].'">'.$row['title'].'</option>';
			}
		echo'</select><br/>';



echo '<input id="button" type="submit" value="Save Page">';
echo '</form>';

 

Then this is the final part which inserts the code into the database

 

include('../connections.php');


$softstring = $_POST['softstring'];
$new_page = $_POST['new_page'];
echo $new_page."<br/>";
echo $softstring;

$query = "INSERT INTO ".$new_page." VALUES
	(' ','$softstring')";
if (mysql_query($query, $connect))
{
echo "<p>code inserted into".$new_page."</p>";

$query = "UPDATE pages SET status ='1' WHERE url = '$new_page'";

	if (mysql_query($query, $connect))
		{
		echo "Page status has been changed to created";
		}

 

Then the form is sent to the same page but with a flag set so it accesses a different function that inserts the text area code into the database to be called up later on the site by the appropriate page and then it has the code to include the extension, whatever that happens to be.

 

So this worked perfectly on my home server until the other day it stopped working.  The javascript part of creating the include code on the text area worked fine and I tested with some echo's to make sure that the variables were being posted and recieved, but the new record wasn't being added to the database. I finally narrowed the problem down to the fact that I had changed the magic quotes setting to off.  So I switched it back on and it was working again.  But I want this to be portable no matter what the setting.  So I guess I am wondering what is going on here.  With MQ off is php parsing the <?php include ?> instead of inserting it into the database?  Is there a way to stop this from happening?