LegosJedi Posted September 8, 2007 Share Posted September 8, 2007 So, I have a form, and when I submit it, if there are errors, what the user submits gets loaded back into the form. Magic Quotes is turned on, and you'd think that by using stripslashes(), I'd get rid of the slashes. It's not working for some reason. I don't know why. Here's the code for the page. <?php if(!defined('FLEXBB')) die('Index.php must be included with this file!<br /><br /><b>Hacking Attempt by '.$_SERVER['REMOTE_ADDR'].'</b>'); if(!$loguser['id']) { // Uh-oh! A guest! Guests can't post submissions! $Replace['template']['header']['1'][] = "{PAGE_NAME}"; $Replace['template']['header']['1'][] = "{USER_LOCATION}"; $Replace['template']['header']['2'][] = "Error!"; $Replace['template']['header']['2'][] = '<img border="0" src="templates/default/images/tree/folder.gif" style="vertical-align:bottom;"> <a href="index.php">{WEBSITE_NAME}</a><br /><img border="0" src="templates/default/images/tree/joinbottom.gif" style="vertical-align:bottom;"><img border="0" src="templates/default/images/tree/file.gif" style="vertical-align:bottom;"> <b>Error!</b>'; $TMPL->show("header","header.template.html"); echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"table\"> <tr> <td width=\"20%\" valign=\"top\">"; $TMPL->show("link", "link.template.html"); echo "</td> <td width=\"80%\" valign=\"top\" style=\"padding-left: 10px;\">"; $Replace['template']['mods']['1'] = array("{HEADER_TEXT}","{MESSAGE_TEXT}"); $Replace['template']['mods']['2'] = array( "Error!", "You are not logged in. You need to be logged in to be able to submit your modification or template. Please <a href=\"http://flexbbmods.hyperphp.com/forums.php?page=login\">login</a>. If you are not a registered member, why not take the time to <a href=\"http://flexbbmods.hyperphp.com/forums.php?page=register\"register</a>? It'll only take a few seconds, and there are so many features that are enabled for memebers, including posting in the forum, submitting mods and templates, and more!" ); $TMPL->show("mods","general-table.template.html"); } else { $Replace['template']['submit']['1'] = array( "{NAME}", "{SHORT_DESCRIPTION}", "{DESCRIPTION}", "{VERSION}", "{LICENSE}", "{ERRORS}" ); $Replace['template']['submit']['2'] = array( "", "", "", "", "", "" ); if(isset($_POST['submit'])) { $name = $_POST['name']; $short = $_POST['short']; $description = $_POST['description']; $version = $_POST['version']; $type = intval($_POST['type']); $fversion = intval($_POST['fversion']); $category = intval($_POST['category']); $license = $_POST['license']; if(!isset($license)) { $license = $set['default_license']; } $license = str_replace('{USERNAME}', $_SESSION['flexbb_username'], $license); $license = str_replace('{DATE}', date('Y'), $license); $errors = array(); if(!isset($name) || !isset($short) || !isset($description) || !isset($version) || !isset($category) || !isset($license)) { $errors[] = "You left one or more fields blank. Please fix this."; $_POST['submit'] = ''; } $versionQuery = $DB->query("SELECT * FROM ".$prefix."versions WHERE vid='".$version."'"); if($DB->num_rows($versionQuery) <= 0) { $errors[] = "That version does not exist! Please select a new one."; $_POST['submit'] = ''; } $categoryQuery = $DB->query("SELECT * FROM ".$prefix."categories WHERE cid='".$category."'"); if($DB->num_rows($categoryQuery) <= 0) { $errors[] = "That category does not exist! Please select a new one."; $_POST['submit'] = ''; } if($_FILES['file']['error'] == "0") { $filename = $_FILES['file']['name']; $postfile = $_FILES['file']['name']; $filesize = round($_FILES['file']['size']/1024, 2); $filetmp = $_FILES['file']['tmp_name']; $filetype = strtolower(substr($filename, strrpos($filename, '.'))); $filetype = str_replace(".","",$filetype); $typeallow = explode(",", 'zip,rar'); // Is it over the allowed size if($filesize > 500 || $filesize == 0) { $errors[] = "The file you uploaded is too big! Please re-upload a smaller file."; $_POST['submit'] = ''; } if(!in_array($filetype, $typeallow)) { $errors[] = "The file you uploaded is not a zip file or a rar file."; $_POST['submit'] = ''; } if(file_exists('uploads/submissions/' . $filename)) { $errors[] = "The file you are trying to upload already exists. Please rename the file and upload it again"; $_POST['submit'] = ''; } } else { $errors[] = "You didn't include a file. Please select one to upload."; $_POST['submit'] = ''; } if(count($errors) > 0) { $Replace['template']['submit']['2'] = array( $name, $short, $description, $version, $license ); } else { $upload = move_uploaded_file($filetmp, 'uploads/submissions/' . $filename); if(!$upload) { $errors[] = "There was a problem with us uploading the file. Please try again."; $_POST['submit'] = ''; } $DB->query("INSERT INTO ".$prefix."submissions VALUES ('', '".$name."', '".$short."', '".$description."', '".$license."', '0', '".time()."', '0', '".$loguser[id]."', '".$version."', '".$fversion."', '".$category."', '".$type."', '0', '".basename($filename)."')"); $Replace['template']['header']['1'][] = "{PAGE_NAME}"; $Replace['template']['header']['1'][] = "{USER_LOCATION}"; $Replace['template']['header']['2'][] = "Thank You!"; $Replace['template']['header']['2'][] = '<img border="0" src="templates/default/images/tree/folder.gif" style="vertical-align:bottom;"> <a href="index.php">{WEBSITE_NAME}</a><br /><img border="0" src="templates/default/images/tree/joinbottom.gif" style="vertical-align:bottom;"><img border="0" src="templates/default/images/tree/file.gif" style="vertical-align:bottom;"> <b>Thank You!</b>'; $TMPL->show("header","header.template.html"); echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"table\"> <tr> <td width=\"20%\" valign=\"top\">"; $TMPL->show("link", "link.template.html"); echo "</td> <td width=\"80%\" valign=\"top\" style=\"padding-left: 10px;\">"; $Replace['template']['mods']['1'] = array("{HEADER_TEXT}","{MESSAGE_TEXT}"); $Replace['template']['mods']['2'] = array( "Thank You!", "Thank you for your submission. It will now be reviewed by one of our staff members, and then should be added to the database. This shouldn't take more that 24 hours." ); $TMPL->show("mods","general-table.template.html"); } } if(!isset($_POST['submit']) || $_POST['submit'] == '') { $name = stripslashes($name); $short = stripslashes($short); $description = stripslashes($description); $version = stripslashes($version); $license = stripslashes($license); $Replace['template']['header']['1'][] = "{PAGE_NAME}"; $Replace['template']['header']['1'][] = "{USER_LOCATION}"; $Replace['template']['header']['2'][] = "Submit"; $Replace['template']['header']['2'][] = '<img border="0" src="templates/default/images/tree/folder.gif" style="vertical-align:bottom;"> <a href="index.php">{WEBSITE_NAME}</a><br /><img border="0" src="templates/default/images/tree/joinbottom.gif" style="vertical-align:bottom;"><img border="0" src="templates/default/images/tree/file.gif" style="vertical-align:bottom;"> <b>Submit</b>'; $TMPL->show("header","header.template.html"); echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"table\"> <tr> <td width=\"20%\" valign=\"top\">"; $TMPL->show("link", "link.template.html"); echo "</td> <td width=\"80%\" valign=\"top\" style=\"padding-left: 10px;\">"; if(count($errors) > 0) { $error = " <br /><ul>"; foreach($errors as $err) { $error .= " <li>{$err}</li>"; } $error .= " </ul>"; $Replace['template']['submit']['2'][7] = $error; } $verQuery = $DB->query("SELECT vid, name FROM ".$prefix."versions ORDER BY name ASC"); while($ver = $DB->fetch_array($verQuery)) { if($ver['vid'] == $fversion) { $selected = " selected=\"selected\""; } $verSelect .= " <option value=\"{$ver['vid']}\"{$selected}>{$ver['name']}</option>\n"; $selected = ""; } $catQuery = $DB->query("SELECT cid, name FROM ".$prefix."categories ORDER BY name ASC"); while($cat = $DB->fetch_array($catQuery)) { if($cat['cid'] == $category) { $selected = " selected=\"selected\""; } $catSelect .= " <option value=\"{$cat['cid']}\"{$selected}>{$cat['name']}</option>\n"; $selected = ""; } $Replace['template']['submit']['1'][] = "{VERSION_SELECT}"; $Replace['template']['submit']['2'][] = $verSelect; $Replace['template']['submit']['1'][] = "{CATEGORY_SELECT}"; $Replace['template']['submit']['2'][] = $catSelect; $TMPL->show('submit', 'submit.template.html'); } } ?> Link to comment https://forums.phpfreaks.com/topic/68529-solved-stripslashes-problem/ Share on other sites More sharing options...
darkfreaks Posted September 9, 2007 Share Posted September 9, 2007 read up on php.net it wont work if magic_quotes is turned on. Note: If magic_quotes_sybase is on, no backslashes are stripped off but two apostrophes are replaced by one instead Link to comment https://forums.phpfreaks.com/topic/68529-solved-stripslashes-problem/#findComment-344490 Share on other sites More sharing options...
noidtluom Posted September 9, 2007 Share Posted September 9, 2007 You should do: if magic quotes is not on, then perform the slashes functions. Otherwise, just leave it up to magic quotes. Link to comment https://forums.phpfreaks.com/topic/68529-solved-stripslashes-problem/#findComment-344500 Share on other sites More sharing options...
LegosJedi Posted September 9, 2007 Author Share Posted September 9, 2007 See, that's the problem. I do perform the slashes function to remove the slashes, but it acts like I haven't performed the function, and displays it with slashes. Link to comment https://forums.phpfreaks.com/topic/68529-solved-stripslashes-problem/#findComment-344504 Share on other sites More sharing options...
darkfreaks Posted September 9, 2007 Share Posted September 9, 2007 turn Magic_quotes off or get rid of it. then use stripslashes. Link to comment https://forums.phpfreaks.com/topic/68529-solved-stripslashes-problem/#findComment-344506 Share on other sites More sharing options...
darkfreaks Posted September 9, 2007 Share Posted September 9, 2007 this should remove the slashes: <?php $string = str_replace("\\\"", "\"", $string);?> Link to comment https://forums.phpfreaks.com/topic/68529-solved-stripslashes-problem/#findComment-344507 Share on other sites More sharing options...
LegosJedi Posted September 9, 2007 Author Share Posted September 9, 2007 Ugh, I am such an idiot! I loaded the variables into the template array first, and then run the stripslashes function on the variable that was loaded into the array, not the variable in the array. It'll work now. Link to comment https://forums.phpfreaks.com/topic/68529-solved-stripslashes-problem/#findComment-344529 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.