Accurax Posted June 9, 2007 Share Posted June 9, 2007 Hi there gys, any help witht his would be really appreciated. I am passing various strings through a php script to then ahve them display as an image (dont ask lol) I'm using stripslashes(); to avoid any html being entered into the script AND also because some of the strings i'm passing contain the ' char, which gets auto escaped via magic quotes. Now, i can strip this escape char \ away with stripslashes, BUT, if the user makes more changes to the phrase... font... colour etc, then each time they click submit more slashes get added. How can i stop slashes being added at all, maintain security and not go bald through hair pulling? Any clues chaps? Quote Link to comment https://forums.phpfreaks.com/topic/54876-solved-stripslashes-is-annoying-me/ Share on other sites More sharing options...
chocopi Posted June 9, 2007 Share Posted June 9, 2007 how would they add the stuff. is it through the url bar, input box, textarea. If you could post you code then we can go from there ~ Chocopi Quote Link to comment https://forums.phpfreaks.com/topic/54876-solved-stripslashes-is-annoying-me/#findComment-271406 Share on other sites More sharing options...
Accurax Posted June 9, 2007 Author Share Posted June 9, 2007 yes im using $_GET, Basically the process is as follows; 1) User arrives at the page greeted by my friendly form 2) User either types in his/her own phrase, or visits my "premade" phrases page 3)assuming user selects a premade, clicking on the phrase will return the user to the form where there selected phrase is displayed in the default colour (black) 4) the user can then adjust the font and colour, as many times as they wish, untill they are happy. Problem is with phrases that contain ' everytime the user makes a change a slash gets added heres the code for the form / preview box <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get"> <h2>Enter Your Phrase</h2> <input type="text" name="phrase" value="<?php if(isset($_GET["phrase"])) { echo $_GET["phrase"]; } ?>"/> <a href=phrases.php>Or pick from one of our phrases</a> <br /> <h2>Select Your Font</h2> <select name="font"> <?php if(isset($_GET["font"])) { $val = $_GET['font']; echo "<option value=\"$val\" selected=\"selected\">$val</option>"; } ?> <option value="fonts/Adorable.ttf">Adorable</option> <option value="fonts/AMAZR___.TTF">AMAZR</option> <option value="fonts/angelina.TTF">angelina</option> <option value="fonts/Antique Type.ttf">Antique Type</option> <option value="fonts/Ashley.ttf">Ashley</option> <option value="fonts/Charlesworth Bold.ttf">Charlesworth Bold</option> </select><br /> <h2>Select Your Color</h2> <select name="colour"> <?php if(isset($_GET["colour"])) { $val = $_GET['colour']; echo "<option value=\"$val\" selected=\"selected\">$val</option>"; } ?> <option value="red" class="red">Red</option> <option value="pink" class="pink">Pink</option> <option value="blue" class="blue">Blue</option> </select><br /> <input type="submit" /><br /> </form> <?php if(isset($_GET["phrase"])) { $p = stripslashes($_GET["phrase"]); $f = $_GET["font"]; $c = $_GET['colour']; echo "<img src=\"test2.php?phrase=$p&font=$f&colour=$c\" alt=\"\" />"; } ?> </body> </html> there are two other files .... one creates the image itself, and the other allows the user to select premade phrases by passing GET variables. Any idea's? Quote Link to comment https://forums.phpfreaks.com/topic/54876-solved-stripslashes-is-annoying-me/#findComment-271408 Share on other sites More sharing options...
Accurax Posted June 9, 2007 Author Share Posted June 9, 2007 Must be the ammount of beer I drank last nigh, because i keep making silly mistakes that take hours to figure out. ive got it Quote Link to comment https://forums.phpfreaks.com/topic/54876-solved-stripslashes-is-annoying-me/#findComment-271444 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.