Problem with stripslashes()
Posted: Tue Jul 25, 2006 7:54 am
Hi all,
I have a form that posts variables to a processing page. On the processing page, I am making the posted variables into $_SESSION variables so that I can prefill the form and return the user to it in case there are submission errors. I am running the following code to process the posted variables:
Code: Select all
function clean($input, $maxlength)
{
    $input = substr($input, 0, $maxlength);
    $input = escapeshellcmd($input);
    return $input;
}

// Get and clean the user inputs
$fileTitle = clean($_POST["fileTitle"], 50);
$fileDesc = clean($_POST["fileDesc"], 1000);

// Create an array to hold the form variables in case there is a submission error
$_SESSION["formVars"]["fileTitle"] = $fileTitle;
$_SESSION["formVars"]["fileDesc"] = $fileDesc;

if (empty($_SESSION["formVars"]["fileTitle"]))
    $_SESSION["formErrors"]["fileTitle"] = "<span>You must give the document a title</span>\n";
if (empty($_SESSION["formVars"]["fileDesc"]))
    $_SESSION["formErrors"]["fileDesc"] = "<span>You provide a description of the file</span>";

// Send the user back to the form if any errors were recorded
if (!empty($_SESSION["formErrors"]))
{
    header("Location: addFile.php");
    exit; // stop here so nothing else runs after the redirect header
}
If the user is returned to the form, I am running the following code to prefill the form fields with the values he/she originally entered:
Code: Select all
<?php
// Define a function to process form errors
function fieldError($fieldName, $formErrors)
{
    if (isset($_SESSION[$formErrors][$fieldName]))
        echo "<span>".$_SESSION[$formErrors][$fieldName]."</span><br />";
}
?>
<form name="addFile" action="addFileProcess.php" method="post" enctype="multipart/form-data">
  <table cellspacing="10">
    <tr>
      <td>File title:</td>
      <td><?php echo fieldError("fileTitle", "formErrors");?><input name="fileTitle" type="text" size="40" maxlength="50" value="<?php echo stripslashes($_SESSION["formVars"]["fileTitle"]);?>"></td>
    </tr>
    <tr>
      <td>File description:</td>
      <td><?php echo fieldError("fileDesc", "formErrors");?>
      <textarea name="fileDesc" cols="32" rows="8"><?php echo stripslashes($_SESSION["formVars"]["fileDesc"]); ?></textarea></td>
    </tr>
  </table>
</form>
<?php
// Clear the saved values and errors once the form has been rendered
unset($_SESSION["formVars"]);
unset($_SESSION["formErrors"]);
?>
The problem is that stripslashes() is not stripping the backslashes added with the "clean" function. I can't figure out where I am going wrong, as the function works fine on values pulled from a database.
Can anyone help? Here is a link to my phpinfo() page...
http://lab.slais.ucl.ac.uk:8036/~p100saj/check.php
Thanks.
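The round trip described in the post, as an added example that is not part of the original post: it runs the poster's clean() followed by stripslashes() over constructed sample values, once on the value as typed and once on a copy that was already slashed before clean() saw it, and prints the raw value escaped with htmlspecialchars() for comparison. The pre-slashed case is an assumption modelled with addslashes(), keepRaw() and forHtml() are hypothetical helper names, and a non-Windows PHP build is assumed, where escapeshellcmd() escapes with backslashes.

```php
<?php
// Added example; not the poster's code. All sample values are constructed.

// The poster's clean(), same behaviour: truncate, then escape for a shell command line.
function clean($input, $maxlength)
{
    return escapeshellcmd(substr($input, 0, $maxlength));
}

// Hypothetical alternative: keep the length-limited raw value in the session...
function keepRaw($input, $maxlength)
{
    return substr($input, 0, $maxlength);
}

// ...and escape for HTML only at the point where it is written into the page.
function forHtml($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$typed = array("Q3 report (final)", "Tom's file", "C:\\docs\\a.txt", "\"><b>x</b>");

foreach ($typed as $value) {
    // Assumption: some layer slashes the value once before clean() sees it.
    // addslashes() stands in for that layer (magic_quotes_gpc did the same).
    $preSlashed = addslashes($value);

    // escapeshellcmd() escapes backslashes too, so a pre-slashed value ends up
    // with more than one layer, while stripslashes() removes a single layer.
    $once  = stripslashes(clean($value, 50));
    $twice = stripslashes(clean($preSlashed, 50));

    printf("typed                 : %s\n", $value);
    printf("clean(typed)          : %s\n", clean($value, 50));
    printf("strip(clean(typed))   : %s [%s]\n", $once, $once === $value ? "restored" : "not restored");
    printf("strip(clean(slashed)) : %s [%s]\n", $twice, $twice === $value ? "restored" : "not restored");
    printf("forHtml(keepRaw())    : %s\n\n", forHtml(keepRaw($value, 50)));
}
```

escapeshellcmd() is meant for strings passed to a shell, and stripslashes() undoes backslash escaping only; neither encodes quotes or angle brackets for an HTML attribute or textarea, which is what the last printed line does.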