Page 1 of 1

Simple - Adding stripslashes...but how?

Posted: Mon Mar 05, 2007 8:43 pm
by JAB Creations
The script below works great except I'm a bit clueless on where I actually have to apply (and how I would apply) stripslashes() as PHP is adding escaping slashes to the output!

I've tried...
stripslashes($_POST['template']);
stripslashes($file);
stripslashes($template);

on the line before fopen.

Code: Select all

<?php
$template = basename($_SERVER['HTTP_REFERER']);

if(isset($_SERVER['HTTP_REFERER'])) {
echo 'The referer page is: <b>' . $template .'</b> <br />'; 
}
else if(!isset($_SERVER['HTTP_REFERER'])) {
echo 'No referrer set!';
echo '<br />php dies';
die();
}

if (isset($_POST['template']) && isset($_POST['textarea'])) {

$template = $_POST['template'];
$file = fopen($template, 'w');
fwrite($file, $_POST['textarea']);
fclose($file);
?>
<span style="#f00">The changes have been saved and will show as follows.</span>
<form>
<textarea name="textarea2" cols="64" rows="16" disabled="disabled"><?php readfile($template);?></textarea>
</form>

<?php
} else {
$template = basename($_SERVER['HTTP_REFERER']);
if(isset($_SERVER['HTTP_REFERER'])) {
echo 'The referer page is: <b>' . $template .'</b> <br />'; 
}

?>
<form method="post" action="<?php echo 'edit.php';?>">
<textarea name="textarea" cols="64" rows="16"><?php readfile($template);?></textarea>
<input type="hidden" name="template" value="<?php echo $template;?>" />
<br><input type="submit" name="Submit" value="Submit"></form>
<?php
}
?>

Posted: Mon Mar 05, 2007 9:23 pm
by feyd
Are you storing the output from the function?

Also, use get_magic_quotes_gpc() should be used to determine if calling stripslashes() is required.

Posted: Mon Mar 05, 2007 9:27 pm
by JAB Creations
Echoing get_magic_quotes_gpc(); I get 1. I'm simply editing the contents of a file that are written in to the textarea. I'm pretty sure I want to use stripslashes. :wink: Thanks for pointing out get_magic_quotes_gpc();. Once I get this working I'm going to look in to authentication, WOOHOO!

Posted: Mon Mar 05, 2007 9:43 pm
by JAB Creations
Are you suggesting that I should detect if it's enabled and then use stripslashes if so?

Code: Select all

if (get_magic_quotes_gpc())
{}
I'm still not sure where to actually place the code and how?

Posted: Mon Mar 05, 2007 9:51 pm
by feyd
Yes.

You place it wherever you are using $_POST, $_GET, $_REQUEST, and $_COOKIE.

Posted: Mon Mar 05, 2007 10:00 pm
by JAB Creations
Cool, I've tried working directly with $_POST but I'm only hitting my thumb with the hammer. :?

Here are a couple things I tried...

Code: Select all

if (get_magic_quotes_gpc()) {$template = stripslashes($_POST['template']);}

if (get_magic_quotes_gpc()) {stripslashes(fwrite ($file, $_POST['textarea']));}
Thanks for your help so far!

Posted: Mon Mar 05, 2007 10:06 pm
by feyd
It's easier to simply iterate over each superglobal resetting the elements to their stripped form. ;)

Posted: Mon Mar 05, 2007 10:22 pm
by JAB Creations

Code: Select all

if (get_magic_quotes_gpc()) {fwrite ($file, stripslashes($_POST['textarea']));}
...and there was much rejoicing. yay.

Winter changed in to spring, spring changed in to summer, summer changed back in to winter, and winter gave spring and summer amiss and went straight on in to autumn.

And now on to authentication! *sighs* :lol: