Now, using this method somewhere in the process any html code with a " will get a \ automatically added to it, so img src="image.jpg" will become img src=\"image.jpg\" this itself isnt too much of problem yet as I can do this:
Code: Select all
<?php
$trans = array("\\" => "");
$msg=strtr($msg, $trans);
echo $msg;
?>However, if the user approves the post by pressing the submit button I want to pass $msg on the the final page such as insert.php?post=$msg
This is where the proble arises, here is my submit button code:
Code: Select all
echo "<center><form action=\"insert.php?email=$email&title=$title&post=$msg\" method=\"post\"><p><input type=\"submit\" /></p></form>";Code: Select all
$trans = array("\"" => "\\\"");
$msg=strtr($msg, $trans);
echo $msg;Code: Select all
<form action="email=a@a.com&title=imagetest&post=<IMG SRC=\"http://img377.imageshack.us/img377/6724/comic14bv9ws.jpg\>" method="post">Why is the " being removed? Since it has a \ in front of it should it not be skipped like all the other " in the statement?
Do I need someway to designate that the variable contains html and therefore should not be evaluated, simply passed?