Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Search | Today's Posts | Mark Forums Read
BOOK: Beginning PHP4/PHP 5 ISBN: 978-0-7645-4364-7; v5 ISBN: 978-0-7645-5783-5
This is the forum to discuss the Wrox book Beginning PHP4 by Wankyu Choi, Allan Kent, Chris Lea, Ganesh Prasad, Chris Ullman; ISBN: 9780764543647
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning PHP4/PHP 5 ISBN: 978-0-7645-4364-7; v5 ISBN: 978-0-7645-5783-5 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 8th, 2004, 11:09 AM
Registered User
 
Join Date: Jun 2004
Location: , , .
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to kellenjb
Default Chapter 10 Editor Problems

In chapter ten on the editor script when ever I have either a “ or a ‘ in the script it adds a / before the “ or ‘. I tried to find what is causing this but have had no luck. I know the script is copied correctly because I downloaded the script and got the same problem.
Thanks


Reply With Quote
  #2 (permalink)  
Old June 8th, 2004, 06:21 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

The forward slashes are added to all data that comes into a PHP script from outside sources. This prevents a malicious user from running DB quries or executing script directly from your form input fields. This is called the magic_quotes_gpc directive. gpc stands for GET, POST and COOKIE, the three methods of outside input.

To get rid of the slashes you have to run stripslashes() on the data before outputting it for display, but not before storing in a DB, as this would allow the vulnerability I just mentioned.

http://www.php.net/stripslashes
http://www.php.net/addslashes

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::
Reply With Quote
  #3 (permalink)  
Old June 8th, 2004, 08:07 PM
Registered User
 
Join Date: Jun 2004
Location: , , .
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to kellenjb
Default

How could I get this to work when I am editing a full page? The part I have most problems with is:

<p class="date">May 12</p><p class="content">etc<p>

and it changes it to

<p class=/"date/">May 12</p><p class=/"content/">etc<p>

I know richard has the problems found and knows how to fix it, I just can't get it to work with what im doing.

Reply With Quote
  #4 (permalink)  
Old June 8th, 2004, 08:14 PM
Friend of Wrox
 
Join Date: Nov 2003
Location: , , .
Posts: 1,285
Thanks: 0
Thanked 2 Times in 2 Posts
Default

My guess is that you're doing it something like this:

echo "<p class='" . $date . "'>May 12</p><p class='" . $content . "'>etc</p>";

Try this instead:

$date = stripslashes($date);
$content = stripslashes($content);
echo "<p class='" . $date . "'>May 12</p><p class='" . $content . "'>etc</p>";

HTH,

Snib

<><
Reply With Quote
  #5 (permalink)  
Old June 8th, 2004, 08:16 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

Ok, sorry I misspelled the function...it's stripslashes not strip_slashes.

Right, if you're editing a page of content, as in a textarea or something like that you can strip out the slashes by putting the variable containing the content through stripslashes.

echo stripslashes($_POST['content']);

Now your HTML source won't have the forward slashes in the source.

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with the editor example in ch 10 arne Beginning PHP 4 August 21st, 2004 02:24 PM
Chapter 10 editor.php Tachyon BOOK: Beginning PHP4/PHP 5 ISBN: 978-0-7645-4364-7; v5 ISBN: 978-0-7645-5783-5 2 March 17th, 2004 10:37 PM
Beginning php 4 chapter 10 problems dakey Beginning PHP 3 February 13th, 2004 06:21 PM
Editor problems with 2003 Jerry VS.NET 2002/2003 0 July 5th, 2003 08:54 PM
Beginning php 4 chapter 10 problems ade Beginning PHP 2 June 19th, 2003 02:43 PM



All times are GMT -4. The time now is 04:41 PM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.