Displaying PHP code
Posted: Sat Jul 14, 2007 10:05 pm
by MattKrass
Hi everyone, I was wondering if you could help me out with something. I'm trying to write an online management console for my site (http://www.themattcave.org/) that will allow me to edit files directly on the server after logging in. So far I've written code to open file and display in <textarea>, at this point I noticed opening files with a </textarea> tag in them would cause the page to terminate the <textarea> tag prematurely, so I ended up using htmlentities() to clean up the contents of the file before displaying. Now this so far has worked fine for editing just HTML files. The problem lies in editing PHP files. The htmlentities() function seems to eat things like this:
echo "<form action=\"" . $_SERVER['REQUEST_URI'] . "\" name=\"ContentForm\" method=\"post\">";
In the <textarea> it shows up as
echo "<form action="" . $_SERVER['REQUEST_URI'] . "" name="ContentForm" method="post">";
And if I save the edits, little changes like that obviously make PHP unhappy and it breaks the page. Any suggestions?
Have I provided enough information?
Thanks in advance,
Matt
Posted: Sat Jul 14, 2007 10:12 pm
by feyd
htmlentities() likely isn't the one removing those backslashes. Can you post the code you are currently using?
Posted: Sat Jul 14, 2007 10:20 pm
by MattKrass
The code is below, this page is dual purpose, depending on which (if any) mode value is passed to it via GET, it will either edit content data in a MySQL DB, or edit the files in the local directory.
Thanks for the help.
Code:
<script language="JavaScript">
function LoadNew()
{
    document.ContentForm.content.value = "";
    document.ContentForm.submit();
}
</script>
<?php
include('header.php');

// Database connection
$user = "root";
$password = "";
$database = "themattcave";
mysql_connect('localhost',$user,$password);
mysql_select_db($database) or die('Unable to select database');

// Request input
$pagesel = $_POST['pagesel'];
$content_raw = $_POST['content'];
$mode = $_GET['mode'];
$content_clean = stripslashes($content_raw);

switch($mode)
{
    case 0:
        $type = "Content";
        break;
    case 1:
        $type = "File";
        break;
}

// Default selection when nothing was chosen
if($pagesel == '')
{
    if($mode == 0) // Content editor
        $pagesel = "home";
    if($mode == 1) // Raw file editor
        $pagesel = "index.php";
}

// Save the submitted content
if($content_clean != '')
{
    if($mode == 0)
    {
        $query = "UPDATE basic SET content = '$content_raw' WHERE name = '". $pagesel . "'";
        $result = mysql_query($query);
        echo "Database content entry updated.";
    }
    else if($mode == 1)
    {
        echo "Saving to: $pagesel <br>";
        $handle = fopen($pagesel,'w');
        fwrite($handle,$content_raw);
        fclose($handle);
        echo "File saved successfully.";
    }
}

print '
<h2 class="title center">' . $type . ' Editor </h2>
';
echo "
<form action=\"" . $_SERVER['REQUEST_URI'] . "\" name=\"ContentForm\" method=\"post\">
<select name=\"pagesel\" OnChange=\"LoadNew();\">";

// Load the content to display and count the entries for the drop-down
if($mode == 0)
{
    $query = "SELECT * FROM `basic` WHERE `name` = '". $pagesel . "'";
    $result = mysql_query($query);
    $content = mysql_result($result, 0, "content");
    $query = "SELECT * FROM `basic` WHERE 1";
    $result = mysql_query($query);
    $num = mysql_numrows($result);
}
else if($mode == 1)
{
    $content = stripslashes(file_get_contents($pagesel));
    $num = (sizeof(scandir(dirname($_SERVER['SCRIPT_FILENAME']))) - 2);
    $d = dir(dirname($_SERVER['SCRIPT_FILENAME']));
}

// Build the drop-down of pages or files
$i = 0;
while($i < $num)
{
    if($mode == 0)
    {
        $name = mysql_result($result,$i,"name");
    }
    else if($mode == 1)
    {
        // Skip entries whose name starts with a dot
        $name = ".";
        while(substr($name, 0, 1) == ".")
        {
            $name = $d->read();
        }
    }
    echo "<option value=\"$name\" ";
    if($name == $pagesel)
    {
        echo "selected=\"1\"";
    }
    echo ">$name</option>";
    $i++;
}

// Escape the content for display inside the textarea
$printablehtml = htmlspecialchars($content, ENT_NOQUOTES);
print "
</select><br>
<textarea cols=\"96\" rows=\"30\" name=\"content\">
$printablehtml
</textarea>
<br>
The number of rows returned was: $num<br>
<input type=\"submit\" value=\"Save\">
<input type=\"button\" value=\"Discard\" OnClick=\"LoadNew()\">
</form>
";
mysql_close();
?>
Posted: Sat Jul 14, 2007 11:01 pm
by feyd
You're running stripslashes() on $content.
Posted: Sat Jul 14, 2007 11:17 pm
by MattKrass
Thanks for the help feyd, that fixed my display problem, I was using stripslashes() to prevent it from damaging the file, but all I had to do was write $content_clean to the file after.
Thanks all
Posted: Sat Jul 14, 2007 11:43 pm
by feyd
Make sure to read your private messages.
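The round trip discussed in this thread, as an added example that is not part of the original posts: slashes are undone only on request data when magic quotes are on, file contents are escaped once for the textarea, and the submitted file name is checked against the editor's directory before any file is opened. The function names are hypothetical and the sample line is constructed from the one quoted in the question.

```php
<?php
// Added example: function names are hypothetical, not from the thread.

// Undo magic_quotes_gpc on request data only. File contents never pass through
// stripslashes(): backslashes stored in a file are part of the file.
function request_text(array $post, $key)
{
    $value = isset($post[$key]) ? (string) $post[$key] : '';
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Map a submitted name to an existing regular file directly inside $dir, else null.
function editable_path($dir, $name)
{
    $name = (string) $name;
    if ($name === '' || $name[0] === '.' || $name !== basename($name)) {
        return null;
    }
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path) || dirname($path) !== realpath($dir)) {
        return null;
    }
    return $path;
}

// Escape once, at output time, for the HTML context only.
function textarea_html($content)
{
    $flags = defined('ENT_SUBSTITUTE') ? ENT_QUOTES | ENT_SUBSTITUTE : ENT_QUOTES;
    // Browsers drop one newline right after <textarea>, so emit it explicitly.
    return "<textarea cols=\"96\" rows=\"30\" name=\"content\">\n"
        . htmlspecialchars($content, $flags) . '</textarea>';
}

// Constructed sample: the line from the question as it is stored on disk.
$line = 'echo "<form action=\"" . $_SERVER[\'REQUEST_URI\'] . "\" name=\"ContentForm\" method=\"post\">";';

// Round trip: the browser decodes the entities, so the form posts $line back intact.
var_dump(htmlspecialchars_decode(htmlspecialchars($line, ENT_QUOTES), ENT_QUOTES) === $line);
// stripslashes() on the same file contents changes them.
var_dump(stripslashes($line) === $line);
// A name with a directory component is refused before any file is opened.
var_dump(editable_path(__DIR__, '../header.php'));
```

When saving, write request_text($_POST, 'content') to the path returned by editable_path(), and skip the write when it returns null.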