Page 2 of 2

Posted: Fri Jul 21, 2006 9:06 am
by RobertGonzalez
You know like when you have a form field that posts to a database, but before you post it to the DB you echo to the screen so the user can verify it. Something along those lines. Taking an input and using it on the screen to show what was input.

Posted: Fri Jul 21, 2006 12:25 pm
by kbrown3074
what about using addslashes() and stripslashes() with the text box values?

Posted: Fri Jul 21, 2006 12:27 pm
by feyd
slashes do nothing for attribute values.. I think instead of debating this discussion further, we should probably wait for icesolid to come back and clarify things.

Posted: Fri Jul 21, 2006 7:05 pm
by w35z0r
I have an Increadably simmular problem. I'm trying to take user input (textbox) and write it to a file. everytime I do, quotes (") and backslashes (\) get backslahes in front of them (\")(\\).

Then, later on, a php page opens that txt file (via include) and uses it as its content. (so I can quickly add 'whats new!' and such)

But we know what happens, my HTML gets very messed up. So what would I do to not write the backslashes in front of these things (I assume, based off of what I read here, they are called HTML Entities)?

EXAMPLE:

Code: Select all

$textboxString = <img src="images\test.jpg">;

#would be written to the file as:
<img src=\"images\\test.jpg\">
end EXAMPLE


*looks up hmtlentities() and html_entity_decode()*

Ah, so

Code: Select all

$textboxString = <img src="images\test.jpg">
fwrite(htmlentities($textboxString);
Would write the $textboxString in a way that I could include it in a page and it would bring up that image?

Yes? No?

Posted: Fri Jul 21, 2006 7:16 pm
by Benjamin
If it was a textbox, and not an input box, the text would still display even with quotes in it.

Posted: Fri Jul 21, 2006 8:33 pm
by w35z0r
Alright.

Allow me to post the troubleing code.
Objectives Admin can log into a special site that will allow them to quickly change the Marquee text with out having to FTP a whole new, updated source.

source of the site using the marquee:

Code: Select all

<?php
print("

<!--  The site...-->

<marquee scroll align=\"center\" loop=\"infinant\" bgcolor=\"black\" scrolldelay=\"1\" scrollamount=\"3\">

");
	include 'marquee.txt';
	
	print("

</marquee>

<!-- the rest of the site....-->
Now, the Admin Console

Code: Select all

#admin has logged in, the following code is to open marquee.txt, fetch its contents, and display them in a textbox so the admin may edit the contents

$file = fopen('marquee.txt','r');
$marquee = fread($file, filesize('marquee.txt'));
fclose($file);
		
print("
	<form method=\"post\" action=\"marqueeSubmit.php\">
			
	<textarea name=\"marquee\" cols=\"125\" rows=\"50\"> $marquee </textarea>
	<input type=\"submit\" value=\"submit marquee\">
	</form>
");

#marqueeSubmit.php

$file = fopen('marquee.txt','r+');
fwrite($file, $marquee);
fclose($file);
			
print("
	done <br />
	<a href=\"siteWithMarquee.php\"> Test it out </a>
");
However, when I put something along the lines of <img src="images\smily.gif"> it writes it as <img src=\"images\\smily.gif\"> and html is unable to understand.

Also, when presented with the text box containing the contents of marquee.txt, I sometimes delete everything to start over. However, when I look at the marquee in action (and the marquee.txt file) I see that parts of the orginal file are still left.

So if the file was

Code: Select all

Hello and welcome to my site!
and I selected all and deleted everything and wrote

Code: Select all

PHP rocks!
I would get

Code: Select all

PHP rocks!welcome to my site!
This is puzzling me! I hope I have been thorough enough to be able to give any clues as to the solution to the problem.
Thank you very much for your time.

I did it!

Posted: Fri Jul 21, 2006 9:47 pm
by w35z0r
Yes! I reviewd discussions in this thread and found that neither htmlentities() nor html_entity_decode() did what I wanted.

However, One thing proposed did stick out in my head, stripslashes(). I put it in and it worked perfectly!

Then I also thought of a solution to the characters being left over from from previous entries.

The solution was, of course, that I was writing with r+ and not w. ( I had thought that the slashes might be coming from certain properties of w, so I switched to r+ to test and I forgot to switch back)

Well, thank you for... writing things. You've helped me and solved a few headaches.

:P

Posted: Fri Jul 21, 2006 10:52 pm
by AngryPanda
Well, if you care to find out *why* those slashes were appearing, search the manual for (evil) "magic quotes". Somewhat akin to register_globals, it babies the scripter and promotes poor coding !