I've spent my day on this : trying to make a formular to auto-write on itself (one file, no DB).
It does work, but quotes make me nuts
As long as I write text with no " or ' it's OK, but if one of those appears, I get stuck with the phrase witten in formular, no way to handle it despite all my effort to add/strip slashes.
This is the code :
Code: Select all
<?php
////////////////handle with / without magic_quotes//////////////////////////////
function stripslashes_deep( $all ) //(used later for $value and $_POST)
{
return ( is_array($all) ) ? array_map('stripslashes_deep', $all) : stripslashes($all);
}
function addslashes_deep( $all_other ) // opposite as stripslashes_deep : \ needed for comparison
{
return ( is_array($all_other) ) ? array_map('addslashes_deep', $all_other) : addslashes($all_other);
}
//////////////// end of handling with magic_quotes//////////////////////////////
$this_script = basename($_SERVER['PHP_SELF']); // makes sure to use this script's name
if ($_POST)
{
if ( get_magic_quotes_gpc() == 0 ) // if not already done
{
$_POST = array_map('addslashes_deep', $_POST); // puts \ before '
}
$old = '$value = array (
"truc" => "chose",
"feedback_message" => "If you put apostrophees here you will get stuck !");';
$new = '$value = array (
"truc" => "chose",
"feedback_message" => "' . $_POST[feedback_message] . '");';
// this will re-new the content of the value array in memory ($modif_content)
$file=fopen($this_script,'r');
$content=file_get_contents($this_script);
if (get_magic_quotes_gpc)
{
$old = stripslashes ($old);// need to wipe before comparing !
}
$modif_content = str_replace($old, $new, $content);
fclose($file);
// open and change (write) memorised string into file
$file2=fopen($this_script,'w+');
fwrite($file2,$modif_content);
fclose($file2);
echo "<meta http-equiv='refresh' content='0';URL=" . $this_script . "?refresh=1'>"; //reload with new values
}
$value = array (
"truc" => "chose",
"feedback_message" => "If you put apostrophees here you will get stuck !");
$value = array_map('stripslashes_deep', $value); // puts \ before '
?>
<body>
<form method="post" action="<?php echo $this_script ?>">
<br /><br />
<label for="feedback_message">What is your message ?</label><br />
<textarea name="feedback_message" id="feedback_message" cols="120" rows="4" tabindex="170"><?php echo $value[feedback_message]; ?></textarea>
<input type="submit" value="submit"/>
</form>
<body>