Page 1 of 1

HTML code into PHP variable

Posted: Thu Jul 16, 2009 3:31 am
by uNcLeChAd
Hi all, I am creating a news letter that is editable by the client....I have two pages: index.php and preview.php....index.php contains all html forms etc. in this file, i have a textarea that would contain all code that the client would like to be previewed in preview.php...in other words, the client would enter all html code into this text area...the text area code looks like this:

Code: Select all

<textarea name="leftcolumn"></textarea>
.

This code is then posted to preview.php, where it is placed in a variable:

Code: Select all

$leftcolumn = $_POST["leftcolumn"];
Then i created another php variable to contain all outputted code and then echoed the whole thing...for example:

Code: Select all

$allcode = "<html>
<body>
<table>
<tr>
<td>".$leftcolumn."
</td>
<td>".$rightcolumn."
</td>
</tr>
</table>
</body>
</html>";
echo $allcode;
However, when the client enters the code for an image, or anything requiring quotes on either side, the code outputted looks like this:

Code: Select all

<img src=/"images/pic.jpg\" />
This obviously does not display a picture...can anybody help? thanks :)

Re: HTML code into PHP variable

Posted: Thu Jul 16, 2009 3:49 am
by iamngk
use addslashes and stripslashes.


<td>".addslashes($leftcolumn)."</td>


when u print $allcode,
echo stripslashes($allcode);

Re: HTML code into PHP variable

Posted: Thu Jul 16, 2009 3:57 am
by uNcLeChAd
That changed the /" to a \\\"...and the image shows a broken link

Re: HTML code into PHP variable

Posted: Thu Jul 16, 2009 4:52 am
by turbolemon
Check if you have magic_quotes_gpc enabled, it's depreciated in php 5.3 and will not be available in php 6 at allhttp://en.wikipedia.org/wiki/Magic_quotes, so it's best to code without it where possible. You can check if it's enabled using phpinfo().

Disabling it at runtime has no effect (contrary to popular belief http://www.php.net/~derick/meeting-note ... gic-quotes), so the only alternative is to code around it otherwise. You would use stripslashes as part of your input filtering and only addslashes where needed.

http://www.jimmysworld.org/article.html?aID=59 Explanation of it, not a site I would usually quote, but having trouble connecting to php.net :(

Re: HTML code into PHP variable

Posted: Thu Jul 16, 2009 4:54 am
by uNcLeChAd
alright, i added stripslashes where the variables are placed...and added a final stipslash where i print the code...that worked! thanks everyone! its much appreciated :)