Menu
Community /Pin to ProfileBookmark
@NogDogApr 02.2006 — #Add this function to your script:
Then, wherever you output data from form inputs:
Also, I'd suggest replace $_REQUEST with $_POST, since you're using the post method in your form (and this way you wouldn't have to worry about name-space collisions with cookies or URL query values).
Quote marks and apostrophe problem
Hi,
I’m using a simple comments script to allow feedback on an articles based website. Here’s the code:
[code=php]<?php
//Sets the page that you can include into yous site layout.
$blog = “blog.html”;
$page = $blog;
if(empty($_GET[‘action’])){
?>
<form action=”<?php echo $_SERVER[‘../PHP_SELF’]; ?>?action=write” method=”post” onSubmit=”MM_validateForm(‘Name’,”,’R’,’Age’,”,’RisNum’,’Profession’,”,’R’,’Comment’,”,’R’);return document.MM_returnValue” name=”form1″>
<p><span class=”article_title”>Add Your </span><span class=”article_title2″>Comment:</span><br>
<br>
<input name=”1″ type=”hidden” id=”1″ value=”Name: “>
<span class=”body_text”>Name:</span><br>
<input name=”Name” type=”text” class=”textfield” id=”Name” size=”50″>
</p>
<p>
<input name=”3″ type=”hidden” id=”3″ value=”Age: “>
<span class=”body_text”>Age:</span><br>
<input name=”Age” type=”text” class=”textfield2″ id=”Age” size=”3″ maxlength=”3″>
</p>
<p>
<input name=”5″ type=”hidden” id=”5″ value=”Profession: “>
<span class=”body_text”>Profession:</span><br>
<input name=”Profession” type=”text” class=”textfield” id=”Profession” size=”50″>
</p>
<p>
<input name=”7″ type=”hidden” id=”7″ value=”Comment: “>
<span class=”body_text”>Comment:</span><br>
<textarea name=”Comment” cols=”50″ rows=”9″ class=”textfield” id=”Comment”></textarea>
<br/>
<input name=”9″ type=”hidden” value=”Posted on
<?php echo date(‘l jS of F Y at h:i a’); ?>” />
</p>
<p>
<input name=”Submit” type=”submit” id=”button” value=”Submit”>
</p>
</form>
<?php
}else{
$fp=fopen($page , “a”);
fputs($fp, “<div id=blog_border>”);
fputs($fp, “<div id=blog_header>”);
fputs($fp, $_REQUEST[‘Name’]); fputs($fp, “, ”);
fputs($fp, $_REQUEST[‘Age’]); fputs($fp, “, ”);
fputs($fp, $_REQUEST[‘Profession’]); fputs($fp, “, ”);
fputs($fp, “comments:”);
fputs($fp, “</div>”);
fputs($fp, “<br>”);
fputs($fp, “<div id=blog_maintext>”);
$_REQUEST[Comment] = nl2br($_REQUEST[Comment]);
fputs($fp, $_REQUEST[‘Comment’]);
fputs($fp, “</div>”);
fputs($fp, “<br>”);
fputs($fp, “<div id=blog_footer>”);
fputs($fp, $_REQUEST[‘9′]);
fputs($fp, “</div>”);
fputs($fp, “</div>”);
fputs($fp, “<br><br>”);
if (fclose($fp)){
print “<div id=title_id>Your comment has been added</div>n”;
}else{
print “<div id=title_id><font style=”color:red;”>There was a problem saving your comment</font></div>n”;
}
print “<p><input type=”button” value=”Close” id=”button” onClick=”window.location.href=’refresh.html’;” /></p>”;
}//end if action
?>
At the moment if a user inputs characters such as ‘ or ” eg ‘script’, it’s written to the file blog.html as ‘script’.
My question is how do I get rid of these backslashes? I think I may have to implement the htmlentities function, but can someone show me where I need to put it into the code to make it work? I’m new to PHP so any help would be great!
Sign in
to post a comment5 Comments(s) ↴
0
@NogDogApr 02.2006 — #Add this function to your script:[code=php]
function clean_output($text)
{
if(get_magic_quotes_gpc())
{
$text = stripslashes($text);
}
return(htmlentities($text));
}
[/code]Then, wherever you output data from form inputs:
[code=php]
fputs($fp, clean_output($_REQUEST['Comment']));
[/code]Also, I'd suggest replace $_REQUEST with $_POST, since you're using the post method in your form (and this way you wouldn't have to worry about name-space collisions with cookies or URL query values).