Forum Moderators: coopster
I'm having problem with a php script writing a string to a file in a correct format.
Well, no problem with plain text. the problem comes when i type
<a href="http://google.com">hotmail.com</a>
when i look at the txt file, the output will be
<a href=\"google.com\">hotmail.com</a>
if you notice, there is a slash before the quote, automatically added. I'm not sure where the script goes wrong. appreciate if you can please help me out, thanks.
below is my code
<?php// Function to display form
function showForm($errorMesg=false){
if ($errorMesg) $errorTextMesg = "Please enter your text!";
echo '<form action="notepad.php" method="POST"><center><p><br><br><table border="1" cellpadding="10" cellspacing="0">';
// Display message field an error if needed
echo '<tr><td>Entry:</td><td><textarea name="mesg" rows="10" cols="60"></textarea></td></tr>';
if ($errorMesg) echo "<tr><td colspan='2'>$errorTextMesg</td></tr>";
echo '<tr><td align="center" colspan="2"><input type="submit" name="updateNotepad" value="Submit"></td></tr>';
echo '<form>';
}
if (!isset($_POST['updateNotepad'])) {
showForm();
} else {
//Init error variables
$errorMesg = false;
$filename = "notepad.txt";
// $mesg = isset($_POST['mesg']) ? trim($_POST['mesg']) : '';
$Cmesg = isset($_POST['mesg']);
$mesg = $_POST['mesg'];
if (strlen($mesg)<3) $errorMesg = true;
// Display the form again as there was an error
if ($errorMesg) {
showForm($errorMesg);
} else {
// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {
if (!$handle = fopen($filename, 'a')) {
echo "Cannot open file ($filename)";
echo '<form><input type="button" value="Back" onclick="history.go(-1);return false;" /></form>';
exit;
}
// Write $mesg to our opened file.
if (fwrite($handle, "$mesg\n") === FALSE) {
echo "Cannot write to file ($filename)";
echo '<form><input type="button" value="Back" onclick="history.go(-1);return false;" /></form>';
exit;
}
echo "Success, wrote ($mesg) to file ($filename)";
fclose($handle);
echo '<meta http-equiv="refresh" content="5;url=notepad.php">';
} else {
echo "The file $filename is not writable";
echo '<form><input type="button" value="Back" onclick="history.go(-1);return false;" /></form>';
}
}
}
?>
$mesg = stripslashes($_POST['mesg']);
Many PHP servers automatically implement this feature (although it's deprecated now) for MySQL security. It's used in order to escape quotes so people can't inject MySQL queries to your database and cause mischief.
If you have access to your PHP configuration, you can turn off magic_quotes and PHP won't add these slashes to your string.
anyway, that command works :)
thanks again :)
