On Fri, 2004-10-08 at 06:22 -0700, Sam Smith wrote:
> I swear I googled for an hour first.
>
>
> A user enters in a textarea field of FORM1.php:
> Bob is "high"
>
> Submitted to FROM2.php we get:
>
> Bob is \"high\"
>
> In a hidden field in FROM2.php we store the value: <type="hidden", value="<?
> echo stripslashes($_POST['textarea']); ?>> Value now Bob is "high"
>
> Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the
> textarea field with:
> <type="textarea", value="<? echo $_POST['hidden']); ?>
>
> we have;
> Bob is
>
> Everything after the first double quote is clobbered.
>
> I can fix this by putting this in FORM2.php:
> $APParea1 = $_POST['textarea'];
> $APParea1 = str_replace("\"","[QT]",$APParea1);
>
> and then back by putting this in FORM1.php:
> $APParea1 = $_POST['hidden'];
> $APParea1 = str_replace("[QT]","\"",$APParea1);
>
> <type="textarea", value="<? echo $APParea1; ?>
>
>
> BUT THIS must have happened many times a long long time ago to many good
> people and some smart function was developed, right?
>
>
> Thanks
>
stripslashes()
addslashes()
another option is to turn off magic quotes.
-Robby
--
/***************************************
* Robby Russell | Owner.Developer.Geek
* PLANET ARGON | www.planetargon.com
* Portland, OR | robby@xxxxxxxxxxxxxxx
* 503.351.4730 | blog.planetargon.com
* PHP/PostgreSQL Hosting & Development
****************************************/
Attachment:
signature.asc
Description: This is a digitally signed message part
