RE: Quotes """ in form textarea fields

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes, the magic quotes will get you, but they are meant to "protect" you.

Either

1. Go into php.ini and disable them
2. Create an include file that you include in each script, in it, use ini_set() to disable magic quotes at run time http://us2.php.net/manual/en/function.ini-set.php


-----Original Message-----
From:	Sam Smith [mailto:php@xxxxxxxx]
Sent:	Fri 10/8/2004 6:22 AM
To:	PHP
Cc:	
Subject:	Quotes """ in form textarea fields

I swear I googled for an hour first.


A user enters in a textarea field of FORM1.php:
Bob is "high"

Submitted to FROM2.php we get:

Bob is \"high\"

In a hidden field in FROM2.php we store the value: <type="hidden", value="<?
echo stripslashes($_POST['textarea']); ?>> Value now Bob is "high"

Then from FROM2.php we Submit BACK to FROM1.php and enter it back into the
textarea field with:
<type="textarea", value="<? echo $_POST['hidden']); ?>

we have;
Bob is

Everything after the first double quote is clobbered.

I can fix this by putting this in FORM2.php:
$APParea1 = $_POST['textarea'];
$APParea1 = str_replace("\"","[QT]",$APParea1);

and then back by putting this in FORM1.php:
$APParea1 = $_POST['hidden'];
$APParea1 = str_replace("[QT]","\"",$APParea1);

<type="textarea", value="<? echo $APParea1; ?>


BUT THIS must have happened many times a long long time ago to many good
people and some smart function was developed, right?


Thanks




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux