Need to escape the escapes \\\\\\

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
chopWood
Forum Commoner
Posts: 45
Joined: Fri Apr 30, 2010 9:28 am

Need to escape the escapes \\\\\\

Post by chopWood »

How do I stop php from inserting escapes when I write a block of html code to a file? (or maybe I don't want to!)

I'm saving .txt files with html code from a form and saving them to a file to later be used as includes. Problem is that something like an image file that should look like this:
<img src="images/bioPortrait.jpg" align="left" border="1" hspace="6" vspace="6">

Looks like this when I include it:
<img src=\"images/bioPortrait.jpg\" align=\"left\" border=\"1\" hspace=\"6\" vspace=\"6\">

and therefore doesn't work.

This has to be a common problem with an easy answer but my brain hurts and I can't figure it out.

thanks so much
ChopWood
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Need to escape the escapes \\\\\\

Post by requinix »

Disable the magic_quotes INI setting. (And restart Apache)

Once you do that you'll have to make sure that you always sanitize user input, like using mysql_real_escape_string for MySQL queries htmlentities for HTML.
chopWood
Forum Commoner
Posts: 45
Joined: Fri Apr 30, 2010 9:28 am

Re: Need to escape the escapes \\\\\\

Post by chopWood »

Thanks. I turned off magic quotes in the ini file and life is good again and my brain is better. But you scare me a bit about the "always sanitize" comment. Can you tell me more about how to do this? Point me in a direction?

thanks again
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Need to escape the escapes \\\\\\

Post by requinix »

SQL injection
XSS (cross-site scripting)

To get you started. There are others.
chopWood
Forum Commoner
Posts: 45
Joined: Fri Apr 30, 2010 9:28 am

Re: Need to escape the escapes \\\\\\

Post by chopWood »

I looked up the htmlentities() function you mentioned and tried it out. It seems to work well. As long as I'm not putting any of this in a data base (just using it as a text file for including in another web page) do you think this is safe enough? I'm no even sure what could happen.


sample file:
<h2>Artist of the Month - Jeanne Maguire</h2>
<img src="images/bioPortrait.jpg" align="left" border="1" hspace="6" vspace="6">Je

thank you,
Chop
chopWood
Forum Commoner
Posts: 45
Joined: Fri Apr 30, 2010 9:28 am

Re: Need to escape the escapes \\\\\\

Post by chopWood »

WHOA! Everything came crashing down. Web page is a mess..guess that wasn't the thing to do. I'll check on the sources you provided above....
Post Reply