Hi,
I’m using a simple comments script to allow feedback on an article-based website. Here’s the code:
[code=php]<?php
// Sets the page that you can include into your site layout.
$blog = "blog.html";
$page = $blog;
// No action given: show the comment form.
if(empty($_GET['action'])){
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?action=write" method="post" onSubmit="MM_validateForm('Name','','R','Age','','RisNum','Profession','','R','Comment','','R');return document.MM_returnValue" name="form1">
<p><span class="article_title">Add Your </span><span class="article_title2">Comment:</span><br>
<br>
<input name="1" type="hidden" id="1" value="Name: ">
<span class="body_text">Name:</span><br>
<input name="Name" type="text" class="textfield" id="Name" size="50">
</p>
<p>
<input name="3" type="hidden" id="3" value="Age: ">
<span class="body_text">Age:</span><br>
<input name="Age" type="text" class="textfield2" id="Age" size="3" maxlength="3">
</p>
<p>
<input name="5" type="hidden" id="5" value="Profession: ">
<span class="body_text">Profession:</span><br>
<input name="Profession" type="text" class="textfield" id="Profession" size="50">
</p>
<p>
<input name="7" type="hidden" id="7" value="Comment: ">
<span class="body_text">Comment:</span><br>
<textarea name="Comment" cols="50" rows="9" class="textfield" id="Comment"></textarea>
<br/>
<input name="9" type="hidden" value="Posted on
<?php echo date('l jS \of F Y \a\t h:i a'); ?>" />
</p>
<p>
<input name="Submit" type="submit" id="button" value="Submit">
</p>
</form>
<?php
}else{
// Form submitted: append the fields to the page exactly as they were received.
$fp=fopen($page , "a");
fputs($fp, "<div id=blog_border>");
fputs($fp, "<div id=blog_header>");
fputs($fp, $_REQUEST['Name']); fputs($fp, ", ");
fputs($fp, $_REQUEST['Age']); fputs($fp, ", ");
fputs($fp, $_REQUEST['Profession']); fputs($fp, ", ");
fputs($fp, "comments:");
fputs($fp, "</div>");
fputs($fp, "<br>");
fputs($fp, "<div id=blog_maintext>");
// Turn line breaks in the comment into <br> tags.
$_REQUEST['Comment'] = nl2br($_REQUEST['Comment']);
fputs($fp, $_REQUEST['Comment']);
fputs($fp, "</div>");
fputs($fp, "<br>");
fputs($fp, "<div id=blog_footer>");
// Hidden field "9" carries the "Posted on ..." text built when the form was shown.
fputs($fp, $_REQUEST['9']);
fputs($fp, "</div>");
fputs($fp, "</div>");
fputs($fp, "<br><br>");
if (fclose($fp)){
print "<div id=title_id>Your comment has been added</div>\n";
}else{
print "<div id=title_id><font style=\"color:red;\">There was a problem saving your comment</font></div>\n";
}
print "<p><input type=\"button\" value=\"Close\" id=\"button\" onClick=\"window.location.href='refresh.html';\" /></p>";
}//end if action
?>
[/code]
At the moment if a user inputs characters such as ‘ or ”, e.g. ‘script’, it’s written to the file blog.html as \‘script\’.
My question is how do I get rid of these backslashes? I think I may have to implement the htmlentities function, but can someone show me where I need to put it into the code to make it work? I’m new to PHP so any help would be great!
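
One way to handle the write step asked about above, as an added example that is not part of the original post: strip the slashes (assuming they come from `magic_quotes_gpc`), then escape every field with `htmlspecialchars` before it is appended to blog.html. `clean_field()` and `render_comment()` are hypothetical helper names; the field names and markup ids are the ones in the post.

```php
<?php
// Added example, not the poster's code. Field names, markup ids and blog.html
// come from the post; clean_field() and render_comment() are hypothetical helpers.

function clean_field($post, $key)
{
    $raw = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    // Assumption: the backslashes come from magic_quotes_gpc (PHP < 5.4 only).
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $raw = stripslashes($raw);
    }
    // Encode & < > " ' so the browser shows the value as text, never as markup.
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

function render_comment($post)
{
    $name       = clean_field($post, 'Name');
    $profession = clean_field($post, 'Profession');
    $age        = clean_field($post, 'Age');
    if (!ctype_digit($age)) {
        $age = '';                       // Age must be digits only
    }
    // Escape first, then turn newlines into <br>, so only our own tags survive.
    $comment = nl2br(clean_field($post, 'Comment'));
    // Build the timestamp on the server instead of trusting hidden field "9".
    $posted = 'Posted on ' . date('l jS \of F Y \a\t h:i a');

    return "<div id=\"blog_border\">"
         . "<div id=\"blog_header\">$name, $age, $profession, comments:</div><br>"
         . "<div id=\"blog_maintext\">$comment</div><br>"
         . "<div id=\"blog_footer\">$posted</div>"
         . "</div><br><br>\n";
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // LOCK_EX keeps two simultaneous submissions from interleaving their output.
    $ok = file_put_contents('blog.html', render_comment($_POST), FILE_APPEND | LOCK_EX);
    echo $ok !== false
        ? "<div id=\"title_id\">Your comment has been added</div>\n"
        : "<div id=\"title_id\">There was a problem saving your comment</div>\n";
}
```

With this in place a submitted `<script>` tag is stored as `&lt;script&gt;` and displayed as text when blog.html is included in the page.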