Jump to content

Small problem

- - - - -
Started by Edvinas, Jun 16 2010 05:51 AM

This topic has been archived. This means that you cannot reply to this topic.
2 replies to this topic

#1
Edvinas
Posted 16 June 2010 - 05:51 AM

Edvinas

    Newbie

  • Members
  • PipPip
  • 10 posts
Well I've ran into this small (hopefully small) problem.
On one page I have a textbox and submit button. When I enter something into the textbox and click submit, it calls a php script which reads that input and writes an html file straight to my ftp server with that input from textbox being the source of that html file.

It works alright, but the problem is that if I enter something like this into the textbox e.g.:
<img src="http://test.com/images/register_hover.gif" alt="" width="127" height="34" />

At the end when the html file is written with this as a source, it looks like this in the html file:
<img src=\"http://test.com/images/register_hover.gif\" alt=\"\" width=\"127\" height=\"34\" />

It basically adds a backwards slash before every " symbol...

Can someone help me please? What is causing this and how can I avoid it? :S

EDIT:

I'm assuming that the problem is something with my PHP file which reads that input, creates the file and writes input of textbox as source of that file.
Here's the php script:

<?php
session_start();
include_once"config.php";
include_once"members.php";
if(!isset($_SESSION['username']) || !isset($_SESSION['password'])){
	header("Location: index.php");
}else{
	[COLOR="red"][B]$content = $_POST['content'];[/B][/COLOR]
	//Connect to the FTP server
	$ftpstream = @ftp_connect('***********');
	//Login to the FTP server
	$login = @ftp_login($ftpstream, '******', '*****************');
	if($login) {
		//We are now connected to FTP server.
			//Create a temporary file
	$temp = tmpfile();
	//Upload the temporary file to server
	@ftp_fput($ftpstream, '/public_html/'.$membername.'.html', $temp, FTP_ASCII);
	
	//Make the file writable by all
	ftp_site($ftpstream,"CHMOD 0777 /public_html/".$membername.".html");
	//Write to file	
	$fp = fopen('/home/brprs/public_html/'.$membername.'.html', 'w');
	[COLOR="red"]fputs($fp,''.[B]$content[/B].'');[/COLOR]
	fclose($fp);
	//Make the file writable only to owner
	ftp_site($ftpstream,"CHMOD 0644 /public_html/".$membername.".html");
	
	}
	//Close FTP connection
	ftp_close($ftpstream);
	
}
?>

You see, the $content is basically a text passed on from textbox which is on another page using post method.

Thanks

#2
Alexander
Posted 16 June 2010 - 06:06 AM

Alexander

    It's Science!

  • Moderators
  • 4,124 posts
The Magic Quotes feature (magic_quotes_gpc) seems to be turned on in your PHP configuration. What this does is attempts to aid against SQL injection by escaping all quotes automatically, but it is a vague and poorly implemented feature that may confuse new programmers and cause further problems.

You will need to apply the command stripslashes (PHP: stripslashes - Manual) on the contents before you send it to the fputs command:

$content = stripslashes($_POST['content']);

Or however you wish to implement it.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.

#3
Edvinas
Posted 16 June 2010 - 06:10 AM

Edvinas

    Newbie

  • Members
  • PipPip
  • 10 posts
Let me try it.
Love for you if it works fine <3

EDIT:
Works like a charm, Thanks ;)
Back to PHP Development




  1. CODECALL Programming Forum
  2. Web Development Forum
  3. PHP Development
IPB skins by Skinbox