Problem passing html within php variable
Posted: Wed Sep 14, 2005 6:27 pm
I have a msg box that accepts html code, then once submitted the preview msg page grabs the msg such as $msg=$_POST['msg'].
Now, using this method somewhere in the process any html code with a " will get a \ automatically added to it, so img src="image.jpg" will become img src=\"image.jpg\" this itself isnt too much of problem yet as I can do this:
and it will convert back to standard html form with out the \.
However, if the user approves the post by pressing the submit button I want to pass $msg on the the final page such as insert.php?post=$msg
This is where the proble arises, here is my submit button code:
Now, before i pass $msg, i need to put the \'s back in so that the "'s are treated correctly, so I do this:
Which will correctly place the \'s back in front of the "'s within the html string, however my 'form action' line will look like this when ran by the browser:
Notice the " after .jpg has been removed, the \ is there however. Everything else in the html code is correct.
Why is the " being removed? Since it has a \ in front of it should it not be skipped like all the other " in the statement?
Do I need someway to designate that the variable contains html and therefore should not be evaluated, simply passed?
Now, using this method somewhere in the process any html code with a " will get a \ automatically added to it, so img src="image.jpg" will become img src=\"image.jpg\" this itself isnt too much of problem yet as I can do this:
Code: Select all
<?php
$trans = array("\\" => "");
$msg=strtr($msg, $trans);
echo $msg;
?>However, if the user approves the post by pressing the submit button I want to pass $msg on the the final page such as insert.php?post=$msg
This is where the proble arises, here is my submit button code:
Code: Select all
echo "<center><form action=\"insert.php?email=$email&title=$title&post=$msg\" method=\"post\"><p><input type=\"submit\" /></p></form>";Code: Select all
$trans = array("\"" => "\\\"");
$msg=strtr($msg, $trans);
echo $msg;Code: Select all
<form action="email=a@a.com&title=imagetest&post=<IMG SRC=\"http://img377.imageshack.us/img377/6724/comic14bv9ws.jpg\>" method="post">Why is the " being removed? Since it has a \ in front of it should it not be skipped like all the other " in the statement?
Do I need someway to designate that the variable contains html and therefore should not be evaluated, simply passed?