Displaying PHP code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
MattKrass
Forum Newbie
Posts: 3
Joined: Sat Jul 14, 2007 9:57 pm

Displaying PHP code

Post by MattKrass »

Hi everyone, I was wondering if you could help me out with something. I'm trying to write an online management console for my site (http://www.themattcave.org/) that will allow me to edit files directly on the server after logging in. So far I've written code to open file and display in <textarea>, at this point I noticed opening files with a </textarea> tag in them would cause the page to terminate the <textarea> tag prematurely, so I ended up using htmlentities() to clean up the contents of the file before displaying. Now this so far has worked fine for editing just HTML files. The problem lies in editing PHP files. The htmlentities() function seems to eat things like this:

echo "<form action=\"" . $_SERVER['REQUEST_URI'] . "\" name=\"ContentForm\" method=\"post\">";

In the <textarea> it shows up as

echo "<form action="" . $_SERVER['REQUEST_URI'] . "" name="ContentForm" method="post">";

And if I save the edits, little changes like that obviously make PHP unhappy and it breaks the page. Any suggestions?
Have I provided enough information?

Thanks in advance,
Matt
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

htmlentities() likely isn't the one removing those backslashes. Can you post the code you are currently using?
MattKrass
Forum Newbie
Posts: 3
Joined: Sat Jul 14, 2007 9:57 pm

Post by MattKrass »

The code is below, this page is dual purpose, depending on which (if any) mode value is passed to it via GET, it will either edit content data in a MySQL DB, or edit the files in the local directory.
Thanks for the help.

Code: Select all

<script language="JavaScript">
	function LoadNew()
	{
		document.ContentForm.content.value = "";
		document.ContentForm.submit();
	}
</script>
<?php 
include('header.php');

$user = "root";
$password = "";
$database = "themattcave";
mysql_connect(localhost,$user,$password); 
mysql_select_db($database) or die('Unable to select database');

$pagesel = $_POST['pagesel'];
$content_raw = $_POST['content'];
$mode = $_GET['mode'];
$content_clean = stripslashes($content_raw);

switch($mode)
{
	case 0:
		$type = "Content";
		break;
	case 1:
		$type = "File";
		break;
}

if($pagesel == '')
{
	if($mode == 0) // Content editor
		$pagesel = "home";
	if($mode == 1) // Raw file editor
		$pagesel = "index.php";
}

if($content_clean != '')
{
	if($mode == 0)
	{
		$query = "UPDATE basic SET content = '$content_raw' WHERE name = '". $pagesel . "'";
		$result = mysql_query($query);
		echo "Database content entry updated.";
	}
	else if($mode == 1)
	{
		echo "Saving to: $pagesel <br>";
		$handle = fopen($pagesel,'w');
		fwrite($handle,$content_raw);
		fclose($handle);
		echo "File saved successfully.";
	}
}

print '
<h2 class="title center">' . $type . ' Editor </h2>
';
echo "
<form action=\"" . $_SERVER['REQUEST_URI'] . "\" name=\"ContentForm\" method=\"post\">
<select name=\"pagesel\" OnChange=\"LoadNew();\">";
if($mode == 0)
{
	$query = "SELECT * FROM `basic` WHERE `name` = '". $pagesel . "'";
	$result = mysql_query($query);

	$content = mysql_result($result, 0, "content");

	$query = "SELECT * FROM `basic` WHERE 1";

	$result = mysql_query($query);
	$num = mysql_numrows($result);
}
else if($mode == 1)
{
	$content = stripslashes(file_get_contents($pagesel));
	$num = (sizeof(scandir(dirname($_SERVER['SCRIPT_FILENAME']))) - 2);
	$d = dir(dirname($_SERVER['SCRIPT_FILENAME']));
}
$i = 0;

while($i < $num)
{
	if($mode == 0)
	{
		$name = mysql_result($result,$i,"name");
	}
	else if($mode == 1)
	{
		$name = ".";
		while(substr($name, 0, 1) == ".")	
		{
			$name = $d->read();
		}			
	}
	
	echo "<option value=\"$name\" ";	
	if($name == $pagesel)
	{
		echo "selected=\"1\"";
	}
	echo ">$name</option>";
	$i++;
}
$printablehtml = htmlspecialchars($content, ENT_NOQUOTES);

print "
</select><br>
<textarea cols=\"96\" rows=\"30\" name=\"content\">
$printablehtml
</textarea>
<br>
The number of rows returned was: $num<br>
<input type=\"submit\" value=\"Save\">
<input type=\"button\" value=\"Discard\" OnClick=\"LoadNew()\">
</form>
";
mysql_close();
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You're running stripslashes() on $content.
MattKrass
Forum Newbie
Posts: 3
Joined: Sat Jul 14, 2007 9:57 pm

Post by MattKrass »

Thanks for the help feyd, that fixed my display problem, I was using stripslashes() to prevent it from damaging the file, but all I had to do was write $content_clean to the file after.

Thanks all
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Make sure to read your private messages.
Post Reply