Topic: PHP

[Hiatus]

I'm hoping there are other web developers out there who can help me out here...

I am having trouble with this code, and it has been bugging me for a long time now. I just can't get it to work.

This is what I have:

[LOTS OF CODE]

<?
            if($_SESSION['login'] && $_SESSION['admin'] && $_GET['action'] == 'edit') {
            ?>

               <FORM METHOD="POST" ACTION="<? echo $_SERVER['PHP_SELF']; ?>?action=update">
            
               <?
               $path = $_SERVER['PATH_TRANSLATED'];

               $data = file_get_contents($path) or die('Could not read file.');

               $content = htmlentities($data, ENT_NOQUOTES, 'ISO-8859-1');
               ?>

               <p>

Page Name:

</p>
               <center><input type="text" name="page_name" value="<? echo $_SERVER['PATH_TRANSLATED']; ?>" style="background-color: #000000; border: 1px solid grey; width: 500px; height:20px;">
              


               <p>

Page Content:

</p>
               <textarea name="page_content" wrap="off" rows=19 cols=80 style="background:transparent; color: #FFFFFF; border: 1px solid grey;"> <? echo $content; ?> </textarea>
              


               <input type="Submit" value="Update Page" style="position: relative; background-color: #000000; font-family: Impact; font-size: 12px; border:1px solid grey; width:70px; height:20px;"></center>

               </FORM>
               <?

            } else if($_SESSION['login'] && $_SESSION['admin'] && $_GET['action'] == 'update') {

               $file = $_POST['page_name'];
               $content = $_POST['page_content'];

               // $fh = fopen($file, 'w') or die('Could not open file.');

               echo $_POST['page_content'];

               // fwrite($fh, $content) or die('Could not write to file.');
              
               // fclose($fh);

               ?>
               <center>
               Updated...
              


               <a href="index.php">Home[/url]
              


               </center>
               <?
            
            } else {

[ETC...]

The problem I am having is that when the textarea is posted, it (somehow) messes up the code and puts a "\" before every single and double quote. I don't know why it is doing this to me. If I can figure this out, it would work perfectly...

I hope this makes sense. I can probably clarify more if need be. I hope someone can help. Thanks.

[sam]

clarification needed here...could be my mind not working (long week) but i dont have a clue what you are on about in your text....how long is the code, did you write it? what version of php are u using?

[Hiatus]

The code that I posted is just part of the file. I can send the rest to you in a private message if u want...either PM me or post here if u want the rest. I don't really want to post it all online if I can avoid it.

I wrote most of it, but also did a bit of research on the web for some stuff (like the "htmlentities()"...I had never heard of it until now...)

Also, I believe I am running PHP 4.3.10.

[sam]

so you reckon the htmlentities is where it is going wrong.. ill have a think about that.

[sam]

oh one other thing are you sure all the function you are running are compatible with that version of php

[Hiatus]

Yep, all the functions are compatible. The only one that wouldn't compatible is file_put_contents() if I were using it, which I wish I could...but it only work in PHP 5.

I think the problem occurs during POST. The htmlentities() function works fine. What it does (if anyone was wondering) is converts the "<" and ">" and a few other things to "words". "<" would become &lt; and ">" would become &gt;. Therefore, the html code will not render itself to display as a page, but rather as text.

Anyways, what confuses me is that you are supposed to use html_entity_decode() to decode the html and change &lt; back to "<", etc., etc. But, I didn't have to do this. I'm thinking that during the POST stage, it decodes all the tags and also somehow messes it up, adding the \'s in.

I don't know...this is too confusing  :?

[sam]

ok!! I now have realised the problem!! php adds these tags! give me a minute i think i have your solution...

[sam]

you are indeed correct that it is the POST bit that is going wrong, from php.net:

The PHP directive  magic_quotes_gpc is on by default, and it essentially runs addslashes() on all GET, POST, and COOKIE data.

So what you need to do is turn off this.

Firstly it would be worth checking if this is on, just in case it is something else, to do this you can use the following php script:

Code: [Select]

<?php

highlight_string &#40; "<?php

if &#40;get_magic_quotes_gpc&#40;&#41;==1&#41; &#123;

echo &#40; "Magic quotes gpc is on" &#41;;

&#125; else &#123;

echo &#40; "Magic quotes gpc is off" &#41;;

&#125;

?>" );
?>

If this is the case you can get around this by using the following code (put it near the top:

Code: [Select]

if (get_magic_quotes_gpc()) {

 // Yes? Strip the added slashes

 $_POST = array_map('stripslashes', $_POST);


}

You can also turn this off by putting a .htaccess file in the directory where the script runs from containing:

For php4

Code: [Select]

<?php
highlight_string &#40; "<IfModule mod_php4.c>
php_flag magic_quotes_gpc off
</IfModule>" &#41;;
?>

For php3

Code: [Select]

<?php
highlight_string &#40; "<IfModule mod_php3.c>
php3_flag magic_quotes_gpc off
</IfModule>" &#41;;
?>

but you might not want to do this if you are reading to a database.

[sam]

oh and more info can be found at:

http://uk.php.net/stripslashes

http://uk2.php.net/manual/en/function.get-magic-quotes-gpc.php

http://uk.php.net/addslashes


hope this resolves your issue...what you doing with the code btw (overall aim I mean)?

[Hiatus]

Beautiful! It worked!

That's awesome, thanks man.

I am using the code so that I can login to my site from anywhere and edit it. Just in case I have to change or add something quickly, and I can't get to my computer to do it.

Anyways, thanks again!

[sam]

cool, good idea.

glad i could help.