Reply to Re: Form field value containing backslash

Your name:

Reply:


Posted by Jerry Stuckle on 05/23/07 10:38

semi_evil@inbox.com wrote:
> Hi,
>
> I have recently taken up PHP programming, and I got stuck on the
> following.
> <?
> $p_body = (isset ($_POST['body' ]) && ($_POST['body'] != '')) ?
> $_POST['body'] : 'Enter your text here';
> $p_name = (isset ($_POST['name' ]) && ($_POST['name'] != '')) ?
> $_POST['name'] : 'Enter name';
> $p_mail = (isset ($_POST['mail' ]) && ($_POST['mail'] != '')) ?
> $_POST['mail'] : 'Enter email';
> $output = <<<CODEREH
> <form method="POST" action="doform.php">
> <p><input type="TEXT" name="name" value="$p_name" /></p>
> <p><input type="TEXT" name="email" value="$p_mail" /></p>
> <p><input type="TEXT" name="body" value="$p_body" /></p>
> <p><input type="SUBMIT" value="Store it!" /></p>
> </form>
> CODEREH;
> $invalid_body=array('','Enter your text here');
> $invalid_name=array('','Enter name');
> $invalid_mail=array('','Enter email');
> if (validate($p_body,$invalid_body) && validate($p_name,$invalid_name)
> && validate($p_mail,$invalid_mail)) // fields not entered correctly
> {
> //process form data and provide link to continue (or enter another
> set of data)
> exit;
> }
> // data not entered correctly
> echo "All fields must be entered!";
> ?>
>
> If either field contains backslashes, they are duplicated when the
> form reloads.
> Each successive form submission \ becomes \\, \\\\, \\\\\\\\ etc etc
>
> Why does this happen and how do I fix the variables to show the
> original data each time?
> I know I am a newbie, probably an easy one for this group. Can you
> help me out though?
>
> Semi
>

Semi,

You probably have magic_quotes_gpc on in your php.ini file. If so, turn
it off (it defaults to on); it's not good to have.

If this is your hosting company, the first thing I'd recommend is
changing hosting companies. There's no good reason (IMHO) why they
should be running with it on nowadays.

If it is your host and you can't change, to get rid of them, use
stripslashes(). And if you test to see if magic quotes is on, your code
will be more transportable, i.e.

if (get_magic_quotes_gpc())
$body = stripslashes($_POST['body']);

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация