Menu
Community /Pin to ProfileBookmark
@NogDogDec 20.2005 — #Try using this function instead of stripslashes() when outputting post vars:
@NogDogDec 20.2005 — #Hmmm....this worked OK for me, a few stylistic changes - maybe you'll see something different?
Anyone seen anything like this variable values?
So I have a textarea. The page is getting processed in itself. This is what I put in the textarea
[quote]
This is a demo thing blah blah bhalhjsdlfjlasdfjlasdhf;lkjasdf.js.dvnlasndvlasndf;.lnsa.nfclasjThis is a demo thing blah blah bhalhjsdlfjlasdfjlasdhf;lkjasdf.js.dvnlasndvlasndf;.lnsa.nfclasjThis is a demo thing blah blah bhalhjsdlfjlasdfjlasdhf;lkjasdf.js.dvnlasndvlasndf;.lnsa.nfclasj
.<>,./!@#$!@%#&^$&
exactly as you see it.
I have this code running
[code=php]
printf(“artdescrips: “.$_POST[‘artdescrip’].”<br />n”);
printf(“Hi mom!”);
and i see
[quote]
artdescrips:
Hi mom!
when nothing is posted to the page and I only see
[quote]
Hi mom!
when soemthing gets posted to the page.
Below are my escape function and how i generate my textarea. Does anyone know what’s going on the value of the this field when i submit the page? I’m stumped, it works fine without: “.<>,./!@#$!@%#&^$&” but does this with it.
[code=php]
printf(”
<form action=”index.php” method=”post”>n
<label for=”title”>Title:</label><input type=”text” name=”title” size=”25″ maxlength=”150″ value=””.stripslashes($_POST[‘title’]).”” /><br />n
<label for=”pages”>Number of Pages:</label><input type=”text” name=”pages” size=”3″ maxlength=”3″ value=””.stripslashes($_POST[‘pages’]).”” /><br />n
<label for=”artdescrip”>Brief Description:</label><textarea name=”artdescrip” rows=”3″ cols=”80″ wrap=”soft”>”);
printf($_POST[‘artdescrip’]);
printf(“</textarea><br />n
<input type=”submit” name=”add_art” value=”begin adding article” /><input type=”reset” name=”reset” value=”reset”>n
</form>
“);
function escape($text){
if (get_magic_quotes_gpc()){
$text=stripslashes($text);
}
return mysql_real_escape_string($text);
}
escape appears at the top of the page, btw, and no, the $_POST[‘artdescrip’] doesn’t populate in the textarea as I want it to.
And to clarify, in summary.
When I post to this page, with the string above, it seems that the value of $_POST[‘artdescrip’] is somehow interfering with functions using it.
Edit: and now when i think of it, the escape function is completely irrelevant to the situation.
Sign in
to post a comment9 Comments(s) ↴
0
@NogDogDec 20.2005 — #Try using this function instead of stripslashes() when outputting post vars:[code=php]
function output_post($text)
{
if(get_magic_quotes_gpc())
{
$text = stripslashes($text);
}
return(htmlentities($text));
}
[/code]0
@NogDogDec 20.2005 — #Hmmm....this worked OK for me, a few stylistic changes - maybe you'll see something different?[code=php]
function output_post($text)
{
if(get_magic_quotes_gpc())
{
$text = stripslashes($text);
}
return(htmlentities($text));
}
printf("
<form action='index.php' method='post'>n
<label for='title'>Title:</label><input type='text' name='title' size='25' maxlength='150' value='%s' /><br />n
<label for='pages'>Number of Pages:</label><input type='text' name='pages' size='3' maxlength='3' value='%s' /><br />n
<label for='artdescrip'>Brief Description:</label><textarea name='artdescrip' rows='3' cols='80' wrap='soft'>%s</textarea><br />n
<input type='submit' name='add_art' value='begin adding article' /><input type='reset' name='reset' value='reset'>n
</form>",
output_post($_POST['title']),
output_post($_POST['pages']),
output_post($_POST['artdescrip'])
);
[/code]