473,395 Members | 1,441 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > extra \ symbols added to text from my textarea.

Join Bytes to post your question to a community of 473,395 software developers and data experts.

Extra \ symbols added to text from my textarea.

Hi Pro,

I have a question

i have an textarea for user to key in and a button for user to save what they key in into the textarea.

if i key in '"\ in to textarea
and i press the button save the file, the file is not shown '"\, it shows \'\"\\,
Why the file was added in this symbol \ inside my file? This will not happen if i didn't key in these three symbols.

Below is my phpcode and html code.

phpcode
Expand|Select|Wrap|Line Numbers
  1. <?PHP
  2.    // Check for user data.
  3.   if ( $_POST['FileContent'] ) {
  4.      // Create a unique-ish filename.
  5.     $FileName = "testing.php";
  6.      // Create and open the file.
  7.     $FileHandle = fopen ( $FileName, 'w' );
  8.      // Write the data.
  9.     fwrite ( $FileHandle, $_POST['FileContent'] );
  10.      // Close the file.
  11.     fclose ( $FileHandle );
  12.  
  13.      // Set file header information.
  14.     header ( 'Content-Type: text/html' );
  15.     header ( 'Content-Description: File Transfer' );
  16.     header ( 'Content-Disposition: attachment; filename="' . basename($FileName) . '"' );
  17.     header ( 'Content-Length: ' . filesize($FileName) );
  18.  
  19.      // Push file to client.
  20.     readfile($FileName);
  21.  
  22.      // Delete file.
  23.     unlink($FileName);
  24.  
  25.     exit();
  26.   }
  27. ?>  
  28.  
html code
Expand|Select|Wrap|Line Numbers
  1. <form action="" method="post"> 
  2. <textarea name="FileContent"></textarea> <input type="submit">
  3.  </form>
  4.  


I would appreciate if any one can solve this from me.
Feb 24 '09 #1
9 2101
Markus
6,050 Expert 4TB
You have magic_quotes turned on.
Feb 24 '09 #2
Thank you for your prompt.

I try to add in below code in to my php. But the result same.
Expand|Select|Wrap|Line Numbers
  1. set_magic_quotes_runtime(false);
  2.  
Can you give me advice?
Feb 24 '09 #3
TheServant
1,168 Expert 1GB
You can try use stripslashes() which removes "\" characters. Just try it and see if that works. If it does then your set_magic_quotes_runtime(false); is not working. Also just so everyone knows, magic_quotes_runtime() has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
I am not sure if there is a replacement.
Feb 24 '09 #4
Markus
6,050 Expert 4TB
@TheServant
Hopefully not; It's an inconvenience.
Feb 24 '09 #5
Atli
5,058 Expert 4TB
Hi.

Note that magic_quotes_runtime is not used for incoming request data, like POST data and cookies. Request data is escaped based on the value of magic_quotes_gpc.

This can not be changed on a per-file bases, because once your PHP code is executed, the request data will already have been fetched and processed.

The solution is to use the get_magic_quotes_gpc with the stripslashes function, like so:
Expand|Select|Wrap|Line Numbers
  1. function getPost($name) {
  2.   if(get_magic_quotes_gpc()) {
  3.     return stripslashes($_POST[$name]);
  4.   }
  5.   else {
  6.     return $_POST[$name];
  7.   }
  8. }
  9.  
  10. $myField = getPost('myField');
  11.  
Or simply clean the entire array at the top of the page:
Expand|Select|Wrap|Line Numbers
  1. if(get_magic_quotes_gpc()) {
  2.     function stripArray(&$arr) {
  3.         foreach($arr as &$_elem) {
  4.             if(is_array($_elem)) {
  5.                 stripArray($_elem);
  6.             }
  7.             else {
  8.                 $_elem = stripslashes($_elem);
  9.             }
  10.         }
  11.     }
  12.     stripArray($_POST);
  13. }
The best solution, however, is to simply turn the magic_quotes_gpc directive off in your php.ini configuration file.
Feb 24 '09 #6
Thank you for you all kindly reply. You all are amazing.
I use below code to solve my problem.

Expand|Select|Wrap|Line Numbers
  1. <?php 
  2. // Check for user data, if its not empty do this... 
  3. if ( !empty( $_POST['FileContent'] ) ) 
  5.         // stripslash the user input 
  6.         $string = stripslashes( $_POST["FileContent"] ); 
  7.         // Create a unique-ish filename. 
  8.         $FileName = "Sitemaps.php"; 
  9.         // Create and open the file. 
  10.         $FileHandle = fopen ( $FileName, 'w' ); 
  11.         // Write the data. 
  12.         fwrite ( $FileHandle, $string ); 
  13.         // Close the file. 
  14.         fclose ( $FileHandle ); 
  15.         // Set file header information. 
  16.         header ( 'Content-Type: text/html' ); 
  17.         header ( 'Content-Description: File Transfer' ); 
  18.         header ( 'Content-Disposition: attachment; filename="' . basename( $FileName ) . '"' ); 
  19.         header ( 'Content-Length: ' . filesize( $FileName ) ); 
  20.         // Push file to client. 
  21.         readfile( $FileName ); 
  22.         // Delete file. 
  23.         unlink( $FileName ); 
  24.  
  25.         exit(); 
  27.  
  28. ?> 
  29.  
Feb 25 '09 #7
@Atli
Your code is interesting . If i want to use your code. How can i combine your code? Can you show me?
Thank you in advance
Feb 25 '09 #8
Atli
5,058 Expert 4TB
@qiqinuinaifen128
Sure.

If you want to check each field separately, you could put a function, like the one in my first example, at the top of the page.
Then, rather then doing:
Expand|Select|Wrap|Line Numbers
  1. $string = stripslashes( $_POST["FileContent"] );
You would do:
Expand|Select|Wrap|Line Numbers
  1. $string = getPost('FileContent');

Or, if you would like to check each field automatically before you use them, you could simply put something like the IF statement in my second example at the top of your page.
Then you could get the fields directly from the $_POST array.
Expand|Select|Wrap|Line Numbers
  1. $string = $_POST['FileContent'];
Validating user input is by far the most important thing to do when developing a website, so most developers end up using a variant of either of these techniques. They can be easily modified to do additional validation.

I recommend you take a look at the Security chapter in the manual.
Specifically the parts about User Submitted Data and SQL Injection.
Once you get a handle on those two topics, you will be safe against most of the security threats out there.
Feb 26 '09 #9
Thank you for you help and info. You all are fabulous.
Feb 28 '09 #10

Sign in to post your reply or Sign up for a free account.

Similar topics

4
Detecting highlighted text in textarea.
by: Doug van Vianen | last post by:
Hi, I am working on an Applet which provides some mouse practice for new computer users in our local seniors' computer club. The applet contains several cards, in a card layout, which are...
Java
5
Remove extra CrLf's from textarea
by: McKirahan | last post by:
I'd like to use regular expressions to remove extraneous Carriage Return Line Feeds (CrLf) from a textarea before the form is submitted. I'd like to remove all trailing CrLf's and convert all...
Javascript
4
extra vertical space WITHIN form
by: mappo | last post by:
There are about a million posts on how to get rid of the extra space _after_ the form end-tag, but I can't find any that solve my problem: extra space _in_ the form tag. I have a table nestled...
HTML / CSS
1
Limited number of symbols in textarea.
by: opt_inf_env | last post by:
Hello, I would like to create a text area where user can write only a limited number of symbols. Anybody know whether it can be done in html?
HTML / CSS
1
Problems while exporting data using pipe symbols
by: mark.heyden | last post by:
Hi Frends, I am facing problems while trying to export data into pipe format. In fact I am fetching records from mysql database and then trying to create a text file ( using pipe as delimeter) ,...
PHP
1
How to send email to the addresses added in the text area of the form??
by: divya | last post by:
I have a form which has a textarea,name - txtTo where he adds email addresses.Now when he clicks on sendemail I want to open a mailto link with addresses taken from textarea. Example I added...
Javascript
1
Extra Spaces Added in TextArea Field
by: gshriram | last post by:
I have few texts displayed in textarea, these texts have single spaces in between when I display these as labels it looks fine but when I display the same in text area every single space becomes...
Javascript
2
Blank Row added to database when existing row found
by: DavidPr | last post by:
I'm creating (trying to create) a picture gallery for my website. The script is not working. I've been working on it now for about 80 hours with no success. My php skills aren't very good. This...
PHP
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!