Addslashes and stripslashes problem.

ron_j_m
Forum Commoner
Posts: 35
Joined: Wed Feb 02, 2005 8:56 pm

Addslashes and stripslashes problem.

Post by ron_j_m »

What I have is a form that allows a user to input text or html.
The form data is saved to a config file.
The problem comes when a user wants to use a backslash " \ ".
When I use stripslashes it removes the backslash.
Here is an example of what I am doing:

Code:

//GET RID OF MAGIC QUOTES
if (get_magic_quotes_gpc()) {
    $_POST = array_map('stripslashes', $_POST);
}

//GET POST DATA (default to an empty string when a field is missing)
$content  = isset($_POST['content'])  ? $_POST['content']  : '';
$content2 = isset($_POST['content2']) ? $_POST['content2'] : '';

//TURN POST DATA INTO ARRAY (keyed by field name, not by the submitted value)
$config = array(
    'content'  => $content,
    'content2' => $content2
);

//ADDSLASHES
$config = array_map('addslashes', $config);

//WRITE CONFIG DATA TO CONFIG FILE.......
// foreach //blablabla.......

It seems to work fine, adding the slashes correctly, but when I display the form any intentional backslashes are gone.

Code:

<textarea name="content" cols="50" rows="5" id="content"><?php echo htmlentities(stripslashes($content)); ?></textarea>

So if I put: Hello, my name is "Ron" \
into the form only Hello, my name is "Ron" is returned. No backslash.

Any ideas as to why this happens and some way to fix it?
Thanks
Ron
Last edited by ron_j_m on Fri Mar 03, 2006 4:43 pm, edited 1 time in total.
sheila
Forum Commoner
Posts: 98
Joined: Mon Sep 05, 2005 9:52 pm
Location: Texas

Post by sheila »

You don't need to stripslashes when you echo the content.
ron_j_m
Forum Commoner
Posts: 35
Joined: Wed Feb 02, 2005 8:56 pm

Post by ron_j_m »

If a single quote is inserted into the form and I don't use stripslashes then the single quote returns with the backslash.

Example:
My name is 'Ron'. My name is "Ron" \

Saves to config file:
My name is \'Ron\'. My name is \"Ron\" \\

Returns when echoed:
My name is \'Ron\'. My name is "Ron" \

Any Ideas?
Gambler
Forum Contributor
Posts: 246
Joined: Thu Dec 08, 2005 7:10 pm

Post by Gambler »

Saves to config file:
My name is \'Ron\'. My name is \"Ron\" \\
Why do you need extra slashes in config file?
ron_j_m
Forum Commoner
Posts: 35
Joined: Wed Feb 02, 2005 8:56 pm

Post by ron_j_m »

If I don't escape quotes it will throw errors.
So for example if something like this was entered into the form:
<font color="black">

It will produce this error:
Parse error: parse error, unexpected T_STRING in /config.php on line 10

Ron
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Post by jmut »

Code:

if (get_magic_quotes_gpc()) {
    $_REQUEST = array_strip_slashes($_REQUEST);
    $_GET = array_strip_slashes($_GET);
    $_POST = array_strip_slashes($_POST);

    set_magic_quotes_runtime(0);
}

// Strip slashes from a string, or recursively from every element of an array
function array_strip_slashes($arr)
{
    if (!is_array($arr)) {
        return stripslashes($arr);
    }

    foreach ($arr as $key => $value) {
        // Recurse so that nested arrays are actually stripped
        // (array_walk discards the callback's return value)
        $arr[$key] = array_strip_slashes($value);
    }

    return $arr;
}

Try with this code.
Basically the problem I think is you forget to set set_magic_quotes_runtime(0); so that when you are adding slashes you are sure they don't take effect also (hence adding_slash twice).
ron_j_m
Forum Commoner
Posts: 35
Joined: Wed Feb 02, 2005 8:56 pm

Post by ron_j_m »

Nope same problem.

Still when I echo out $content using stripslashes it will strip out any intentional backslashes ( \ )
example form data input: 'hello' \
example with stripslashes echo: 'hello'

and when I echo without stripslashes it displays the intentional backslash properly but it leaves in the backslash before a quote.
example form data input: 'hello' \
example without stripslashes echo: \'hello\' \

Any other ideas?
Ron
ron_j_m
Forum Commoner
Posts: 35
Joined: Wed Feb 02, 2005 8:56 pm

Post by ron_j_m »

I found this in the PHP manual pages:

"It should be of note that if you are stripping slashes to get rid of the slashes added by magic_quotes_gpc then it will also remove slashes from \. This may not seem that bad but if you have someone enter text such as 'testing\' with a slash at the end, this will cause an error if not corrected. It's best to strip the slashes, then add a slash to every single slash using $text = str_replace('\\', '\\\\', $text);"

It seems to be working but it just seems odd that this is how it has to be done.
I wish there were some other options.

Ron
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It might be more how it's used... as I've never had to do that to "fix" an issue with stripslashes being overzealous.
sheila
Forum Commoner
Posts: 98
Joined: Mon Sep 05, 2005 9:52 pm
Location: Texas

Post by sheila »

ron_j_m wrote:If I don't escape quotes it will throw errors.
So for example if something like this was entered into the form:
<font color="black">

It will produce this error:
Parse error: parse error, unexpected T_STRING in /config.php on line 10

Ron

Have you tried defining the 'quote_style' parameter in htmlentities?

Code:

<?php echo htmlentities($content, ENT_QUOTES); ?>
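
An added example, not code from any poster in this thread: the backslash disappears because the value is unescaped twice, once when PHP parses the string literal in the included config file and again by stripslashes() at display time. The sketch below writes the values with var_export() instead of addslashes(), reads them back with no stripslashes(), and HTML-escapes only on output; write_config(), read_config() and the temp file name are hypothetical, and it assumes a current PHP where magic quotes no longer exist.

```php
<?php
// Added example; function names and the file path are assumptions.

// Serialize the whole array as one PHP literal. var_export() emits
// single-quoted strings and escapes only \ and ', so no addslashes() is
// needed and "$" is never interpolated when the file is included.
function write_config(string $path, array $config): void
{
    $php = "<?php\nreturn " . var_export($config, true) . ";\n";
    if (file_put_contents($path, $php, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
}

// include parses the literal and undoes the escaping exactly once.
function read_config(string $path): array
{
    $config = include $path;
    if (!is_array($config)) {
        throw new RuntimeException("unexpected config format in $path");
    }
    return $config;
}

// Constructed sample input, modelled on the strings quoted in the thread.
$input = array(
    'content'  => 'My name is \'Ron\'. My name is "Ron" \\',
    'content2' => '<font color="black"> costs $5',
);

$path = sys_get_temp_dir() . '/config_example.php';
write_config($path, $input);
$config = read_config($path);
unlink($path);

// Quotes, the trailing backslash and "$" must survive the round trip.
if ($config !== $input) {
    throw new RuntimeException('config round trip changed the data');
}

// The second unescape from the thread, shown for comparison only.
$twice = stripslashes($config['content']);
echo "stored : ", $config['content'], "\n";
echo "twice  : ", $twice, "\n";

// Escape for HTML at output time only, covering both quote styles.
echo '<textarea name="content">',
     htmlspecialchars($config['content'], ENT_QUOTES, 'UTF-8'),
     "</textarea>\n";
```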