Hi Pro,
I have a question
i have an textarea for user to key in and a button for user to save what they key in into the textarea.
if i key in '"\ in to textarea
and i press the button save the file, the file is not shown '"\, it shows \'\"\\,
Why the file was added in this symbol \ inside my file? This will not happen if i didn't key in these three symbols.
Below is my phpcode and html code.
phpcode -
<?PHP
-
// Check for user data.
-
if ( $_POST['FileContent'] ) {
-
// Create a unique-ish filename.
-
$FileName = "testing.php";
-
// Create and open the file.
-
$FileHandle = fopen ( $FileName, 'w' );
-
// Write the data.
-
fwrite ( $FileHandle, $_POST['FileContent'] );
-
// Close the file.
-
fclose ( $FileHandle );
-
-
// Set file header information.
-
header ( 'Content-Type: text/html' );
-
header ( 'Content-Description: File Transfer' );
-
header ( 'Content-Disposition: attachment; filename="' . basename($FileName) . '"' );
-
header ( 'Content-Length: ' . filesize($FileName) );
-
-
// Push file to client.
-
readfile($FileName);
-
-
// Delete file.
-
unlink($FileName);
-
-
exit();
-
}
-
?>
-
html code -
<form action="" method="post">
-
<textarea name="FileContent"></textarea> <input type="submit">
-
</form>
-
I would appreciate if any one can solve this from me.
9  2145 
Thank you for your prompt.
I try to add in below code in to my php. But the result same. -
set_magic_quotes_runtime(false);
-
Can you give me advice?
Markus 6,050
Recognized Expert Expert @TheServant
Hopefully not; It's an inconvenience.
Atli 5,058
Recognized Expert Expert
Hi.
Note that magic_quotes_ru ntime is not used for incoming request data, like POST data and cookies. Request data is escaped based on the value of magic_quotes_gp c.
This can not be changed on a per-file bases, because once your PHP code is executed, the request data will already have been fetched and processed.
The solution is to use the get_magic_quote s_gpc with the stripslashes function, like so: -
function getPost($name) {
-
if(get_magic_quotes_gpc()) {
-
return stripslashes($_POST[$name]);
-
}
-
else {
-
return $_POST[$name];
-
}
-
}
-
-
$myField = getPost('myField');
-
Or simply clean the entire array at the top of the page: - if(get_magic_quotes_gpc()) {
-
function stripArray(&$arr) {
-
foreach($arr as &$_elem) {
-
if(is_array($_elem)) {
-
stripArray($_elem);
-
}
-
else {
-
$_elem = stripslashes($_elem);
-
}
-
}
-
}
-
stripArray($_POST);
-
}
The best solution, however, is to simply turn the magic_quotes_gp c directive off in your php.ini configuration file.
Thank you for you all kindly reply. You all are amazing.
I use below code to solve my problem. -
<?php
-
// Check for user data, if its not empty do this...
-
if ( !empty( $_POST['FileContent'] ) )
-
{
-
// stripslash the user input
-
$string = stripslashes( $_POST["FileContent"] );
-
// Create a unique-ish filename.
-
$FileName = "Sitemaps.php";
-
// Create and open the file.
-
$FileHandle = fopen ( $FileName, 'w' );
-
// Write the data.
-
fwrite ( $FileHandle, $string );
-
// Close the file.
-
fclose ( $FileHandle );
-
// Set file header information.
-
header ( 'Content-Type: text/html' );
-
header ( 'Content-Description: File Transfer' );
-
header ( 'Content-Disposition: attachment; filename="' . basename( $FileName ) . '"' );
-
header ( 'Content-Length: ' . filesize( $FileName ) );
-
// Push file to client.
-
readfile( $FileName );
-
// Delete file.
-
unlink( $FileName );
-
-
exit();
-
}
-
-
?>
-
@Atli
Your code is interesting . If i want to use your code. How can i combine your code? Can you show me?
Thank you in advance
 Atli 5,058
Recognized Expert Expert @qiqinuinaifen12 8
Sure.
If you want to check each field separately, you could put a function, like the one in my first example, at the top of the page.
Then, rather then doing: - $string = stripslashes( $_POST["FileContent"] );
You would do: - $string = getPost('FileContent');
Or, if you would like to check each field automatically before you use them, you could simply put something like the IF statement in my second example at the top of your page.
Then you could get the fields directly from the $_POST array. - $string = $_POST['FileContent'];
Validating user input is by far the most important thing to do when developing a website, so most developers end up using a variant of either of these techniques. They can be easily modified to do additional validation.
I recommend you take a look at the Security chapter in the manual.
Specifically the parts about User Submitted Data and SQL Injection.
Once you get a handle on those two topics, you will be safe against most of the security threats out there.
Thank you for you help and info. You all are fabulous.
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Doug van Vianen |
last post by:
Hi,
I am working on an Applet which provides some mouse practice for
new computer users in our local seniors' computer club. The applet
contains several cards, in a card layout, which are displayed to
the user one after the other as needed to present some particular
mouse operation. This all works fine. One card (card 4 below)
includes a textarea and a button. What I wish to do is have the user
use the mouse to select some text from the...
|
by: McKirahan |
last post by:
I'd like to use regular expressions to remove extraneous Carriage Return
Line Feeds (CrLf) from a textarea before the form is submitted.
I'd like to remove all trailing CrLf's and convert all instances of 3
consectutive CrLf's to just 2.
I first escape() the textarea and match "%0D%0A" (i.e. CrLf).
Here's what I've been testing; watch for word-wrap:
|
by: mappo |
last post by:
There are about a million posts on how to get rid of the extra space _after_ the
form end-tag, but I can't find any that solve my problem: extra space _in_ the
form tag.
I have a table nestled inside the form and since I want the submit button
underneath the input text field i have a br tag to separate them. For some
reason IE5.5 gives me what seems like two br tags. It looks good in Opera 7,
and in K-Meleon 0.6 (Gecko).
|
by: opt_inf_env |
last post by:
Hello,
I would like to create a text area where user can write only a limited
number of symbols. Anybody know whether it can be done in html?
|
by: mark.heyden |
last post by:
Hi Frends,
I am facing problems while trying to export data into
pipe format. In fact I am fetching records from mysql database and then
trying to create a text file ( using pipe as delimeter) , intending to
open in Excel.
The data is been inserted from textarea fields, where the
user can write text and may press enter key to format his text
accordingly. Now when the data entered into the database it keeps some
| | |
by: divya |
last post by:
I have a form which has a textarea,name - txtTo where he adds email
addresses.Now when he clicks on sendemail I want to open a mailto link
with addresses taken from textarea.
Example
I added in the text area these three addresses
divyasanam@yahoo.com,ewew@yah.com,gjh@yahoo.com
and now when I click on send email a ComposeMail window in outlook
|
by: gshriram |
last post by:
I have few texts displayed in textarea, these texts have single spaces in between when I display these as labels it looks fine but when I display the same in text area every single space becomes double spaces.
The Framework iam using is Struts Framework.
|
by: DavidPr |
last post by:
I'm creating (trying to create) a picture gallery for my website.
The script is not working. I've been working on it now for about 80 hours with no success. My php skills aren't very good.
This picture gallery uses 2 mysql tables: acwrtcats and acwrtpics
The table acwrtcats has 2 fields: cat_name and cat_desc. The cat_name is the name of a category that pictures will be filed under, and cat_desc is a brief description of the category.
...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
| | |
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
