Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post

    PHP saving file, but adding slashes...

    I have managed to get PHP to save form data to a file, but it is automatically adding slashes to quotation marks ect..

    How can I stop this?

    PHP Code:
    //Check page has been opened using link
    if ($pageTopic != "") {
        }
        else {
        echo 
    "URl variable not set, please load page using given link, <a href=\"index.php\">Back!</a>";
        }
    $theData "../includes/$pageTopic"."Content.txt";
    //Edit page
    if (isset($_POST['saveFile'])) {
    // Filename
    $myFile "../includes/$pageTopic"."Content.txt";
    $fh fopen($myFile'w') or die("can't open file");
    //Get form data
    $stringData $_POST['content'];
    //Write to file and close
    fwrite($fh$stringData);
    fclose($fh);


  • #2
    Regular Coder
    Join Date
    Dec 2009
    Location
    UK
    Posts
    495
    Thanks
    0
    Thanked 58 Times in 58 Posts
    You have magic quotes turned on. Just use the stripslashes() function
    My site: JayGilford.com
    Resources:
    PHP Pagination Class | Getting all page links | Handling PHP Errors properly
    If you like a users help, show your appreciation with the rep and thanks buttons :)

  • Users who have thanked JAY6390 for this post:

    martynball (01-27-2010)

  • #3
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    I may need to add slashes though as the editor is allowed to use HTML. Is there a way to disable magic quotes off?

  • #4
    Regular Coder
    Join Date
    Dec 2009
    Location
    UK
    Posts
    495
    Thanks
    0
    Thanked 58 Times in 58 Posts
    put set_magic_quotes_runtime(false); at the top of your script
    My site: JayGilford.com
    Resources:
    PHP Pagination Class | Getting all page links | Handling PHP Errors properly
    If you like a users help, show your appreciation with the rep and thanks buttons :)

  • Users who have thanked JAY6390 for this post:

    martynball (01-27-2010)

  • #5
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    its still doing it

    PHP Code:
    //********************************//
    //     EDITING PAGE CONTENT SCRIPT   //
    //********************************//
    //Edit page
    $theData "../includes/$pageTopic"."Content.txt";
    $includeData "TRUE";
        if (isset(
    $_POST['saveFile'])) {
        
    set_magic_quotes_runtime(false);
        
    // Filename
        
    $myFile "../includes/$pageTopic"."Content.txt";
        
    $fh fopen($myFile'w') or die("can't open file");
        
    //Get form data
        
    $stringData $_POST['content'];
        
    //Write to file and close
        
    fwrite($fh$stringData);
        
    fclose($fh);
        }
    }
    else { 

  • #6
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Use this in the base file, or at the VERY top of that script, just after the opening php tag.

    Code:
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        function strip_slashes($input)
        {
            if (!is_array($input))
            {
                    return stripslashes($input);
            }
            else
            {
                    return array_map('strip_slashes', $input);
            }
        }
        $_GET = strip_slashes($_GET);
        $_POST = strip_slashes($_POST);
        $_COOKIE = strip_slashes($_COOKIE);
        $_REQUEST = strip_slashes($_REQUEST);
    }
    Last edited by MattF; 01-27-2010 at 10:18 PM.

  • Users who have thanked MattF for this post:

    martynball (01-27-2010)

  • #7
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    That has bogged up the rest of my code.

    PHP Code:
    <?php 
    session_start
    (); 
    if (
    function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
            
    $_GET strip_slashes($_GET);
            
    $_POST strip_slashes($_POST);
            
    $_COOKIE strip_slashes($_COOKIE);
            
    $_REQUEST strip_slashes($_REQUEST);
    }
    if(isset(
    $_SESSION['session']) && $_SESSION['permissions'] == "e"){ 
    //user is logged-in, so do nothing 

    else { 
    //user needs to log in. 
    header ("location: ../scripts/php/login.php?mess=You do not have access to this area!"); 
    }
    // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^//

    //Additional information about what is being edited. 
    $pageTitle "";
    $pageTopic $_GET['page'];
    if (
    $_GET['editType'] == "page") {
        
    $pageTitle "<h1>Editing main page content!</h1>";
    }
    else {
        
    $pageTitle "<h1>Editing comment content!</h1>";
    }

    //Check page has been opened using link
    if ($pageTopic != "" && $_GET['editType'] != "") {
        if (
    $pageTitle == post) {
            if (
    $_GET['pid'] != "") {
            }
        }
    }
    else {
        
    header ("location: ../index.php"); 
    }
        
    if (
    $_GET['editType'] == "page") {

    //********************************//
    //     EDITING PAGE CONTENT SCRIPT   //
    //********************************//
    //Edit page
    $theData "../includes/$pageTopic"."Content.txt";
    $includeData "TRUE";
        if (isset(
    $_POST['saveFile'])) {
        
    // Filename
        
    $myFile "../includes/$pageTopic"."Content.txt";
        
    $fh fopen($myFile'w') or die("can't open file");
        
    //Get form data
        
    $stringData $_POST['content'];
        
    //Write to file and close
        
    fwrite($fh$stringData);
        
    fclose($fh);
        
    $success "<h4>Successfully updated page!</h4>";
        }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Page Editor</title>
    <link rel="stylesheet" href="../css/mainsheet.css"/>
    <script type="text/javascript" src="../scripts/js/hoverFix.js"></script>
    </head>
    <body>
    <div class="container" style="padding:3em 0em;">
    <?php echo "$pageTitle"?><br />
    <span class="editorButton">AL</span>
    <span class="editorButton">AM</span>
    <span class="editorButton">AR</span>
    <span class="editorButton">B</span>
    <span class="editorButton">I</span>
    <span class="editorButton">U</span>
    <span class="editorButton">JS</span>
    <span class="editorButton">JS</span>
    <form method="post" name="editPage">
    <textarea name="content" class="field" cols="120" rows="20"><?php echo "$theData"?></textarea><br />
    <input type="submit" name="saveFile" value="Save File"><br />
    <a href="../<?php echo "$pageTopic"?>.php">-Go Back-</a>
    <br /><?php echo "$success"?>
    </form>
    </div>
    </body>
    </html>
    <?php 
    }
    else {

    //********************************//
    //     EDITING POST CONTENT SCRIPT   //
    //********************************//
    //Get Post ID
    $pid $_GET['postid'];
    include 
    "../scripts/php/db.connect.php";
    $result mysql_query("SELECT * from stokegta_posts WHERE postID='$pid'") or die ('Error: '.mysql_error());
    $row mysql_fetch_array($result);

    //Variables
    $postComment=$row['postComment'];
    $srid $_SESSION['session'];
    $srid explode("."$srid);
    $username $srid[0];

    if (!
    $row) {
        echo 
    "Error getting data for this post!";
    }
    if (isset(
    $_POST['submitMessage']) {
        
    }
    ?>
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Page Editor</title>
    <link rel="stylesheet" href="../css/mainsheet.css"/>
    <script type="text/javascript" src="../scripts/js/hoverFix.js"></script>
    </head>
    <body>
    <div class="container" style="padding:3em 0em;">
    <?php echo "$pageTitle"?><br />
    <fieldset><legend>Edit Comment:</legend>
    <form name="editComment" method="post">
    <textarea class="field" cols="70" rows="10" name="message">
    <?php echo "$postComment"?> - Comment edited by <?php echo $srid[0]; ?>
    </textarea><br />
    <input type="button" name="submitMessage" value="Edit Message">
    </form>
    </fieldset>
    <a href="../<?php echo "$pageTopic"?>.php">-Go Back-</a>
    <?php ?>

  • #8
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Check the update I made to my initial post. I forgot to include the function.

  • #9
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    Awesome, cheers. Works now

  • #10
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    Another question, how can I do this:
    PHP Code:
    "INSERT INTO stokegta_posts (postComment) VALUES ('".$message."') WHERE postID='$pid'"
    I am just getting errors the way I have done it.

  • #11
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Code:
    "INSERT INTO stokegta_posts (postComment) VALUES ('".mysql_real_escape_string($message)."') WHERE postID='$pid'";
    I would suggest escaping all input to the DB on that page using the same method now. That's what magic_quotes was doing, essentially.

  • Users who have thanked MattF for this post:

    martynball (01-28-2010)

  • #12
    Regular Coder
    Join Date
    Nov 2007
    Posts
    682
    Thanks
    319
    Thanked 1 Time in 1 Post
    I will do, but the command does not work...

    Code:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE postID='21'' at line 1

  • #13
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    You do UPDATE on an existing entry and INSERT INTO to create a new entry. Which are you doing?

  • #14
    Regular Coder
    Join Date
    Dec 2009
    Location
    UK
    Posts
    495
    Thanks
    0
    Thanked 58 Times in 58 Posts
    You should use mysql_real_escape_string on all data you put in your sql queries
    My site: JayGilford.com
    Resources:
    PHP Pagination Class | Getting all page links | Handling PHP Errors properly
    If you like a users help, show your appreciation with the rep and thanks buttons :)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •