Page 1 of 1

Need to escape the escapes \\\\\\

Posted: Sat Jun 12, 2010 6:08 pm
by chopWood
How do I stop php from inserting escapes when I write a block of html code to a file? (or maybe I don't want to!)

I'm saving .txt files with html code from a form and saving them to a file to later be used as includes. Problem is that something like an image file that should look like this:
<img src="images/bioPortrait.jpg" align="left" border="1" hspace="6" vspace="6">

Looks like this when I include it:
<img src=\"images/bioPortrait.jpg\" align=\"left\" border=\"1\" hspace=\"6\" vspace=\"6\">

and therefore doesn't work.

This has to be a common problem with an easy answer but my brain hurts and I can't figure it out.

thanks so much
ChopWood

Re: Need to escape the escapes \\\\\\

Posted: Sat Jun 12, 2010 6:10 pm
by requinix
Disable the magic_quotes INI setting. (And restart Apache)

Once you do that you'll have to make sure that you always sanitize user input, like using mysql_real_escape_string for MySQL queries htmlentities for HTML.

Re: Need to escape the escapes \\\\\\

Posted: Sat Jun 12, 2010 6:30 pm
by chopWood
Thanks. I turned off magic quotes in the ini file and life is good again and my brain is better. But you scare me a bit about the "always sanitize" comment. Can you tell me more about how to do this? Point me in a direction?

thanks again

Re: Need to escape the escapes \\\\\\

Posted: Sat Jun 12, 2010 7:19 pm
by requinix
SQL injection
XSS (cross-site scripting)

To get you started. There are others.

Re: Need to escape the escapes \\\\\\

Posted: Sat Jun 12, 2010 7:40 pm
by chopWood
I looked up the htmlentities() function you mentioned and tried it out. It seems to work well. As long as I'm not putting any of this in a data base (just using it as a text file for including in another web page) do you think this is safe enough? I'm no even sure what could happen.


sample file:
<h2>Artist of the Month - Jeanne Maguire</h2>
<img src="images/bioPortrait.jpg" align="left" border="1" hspace="6" vspace="6">Je

thank you,
Chop

Re: Need to escape the escapes \\\\\\

Posted: Sat Jun 12, 2010 7:49 pm
by chopWood
WHOA! Everything came crashing down. Web page is a mess..guess that wasn't the thing to do. I'll check on the sources you provided above....