当前位置: 动力学知识库 > 问答 > 编程问答 >

forms - PHP $_POST is outputting '\' when using qoutes

问题描述:

I have searched Stackoverflow and found a few similar issues but couldn't understand the answers. I only learned PHP 2 days ago so go easy on me please.

My problem is that I am using a form for the user to write and submit some text into a file. When they hit submit the text is written into the file and the next time they visit the form the text remains in the form for them to modify. The problem is that if any form of quotation is entered and submitted then a \ will be added in front of it.

Example:

user writes: "hello"

User hits submit

The form reloads and "hello" is outputted as \"hello\"

I know that \ cancels out stuff such as quotes so it can be outputted as a string but is it possible to use $_POST to store the form data and not have \ whenever I use a quotation?

Please make your explanations detailed as I am just a novice at PHP. Thanks in advance. Here is the code causing my problems:

echo '<div class="wrap">';

// makes an if statement to check if the submit button has been pushed

if ( isset( $_POST['Submit1'] ) ) {

// opens the include file and writes the contents of "left-form" to the file. left-form is the name of the html text area

$file = fopen($_SERVER['DOCUMENT_ROOT'] . '/wp-content/themes/mytheme/options/index_left.php', "w");

fwrite($file,$_POST["left_form"]);

fclose($file);

}

echo '<p><form method="POST" action=""><textarea rows="4" cols="50" name="left_form">';

// includes the contents of the file being written to as the text inside the text field

include $_SERVER['DOCUMENT_ROOT'] . '/wp-content/themes/mytheme/options/index_left.php';

echo '</textarea></p>';

echo '<input type="submit" value="Submit" name="Submit1"></form>';

// sets an if statement to check if the post button has been hit to display a message that it has been posted

if ( isset( $_POST['Submit1'] ) ) {

echo htmlspecialchars($_POST["left_form"]) . '</br>HAS BEEN POSTED';

}

echo '</div>';

}

网友答案:

htmlspecial chars will append \ to escape some symbols wrap it in a stripslashes().

echo stripslashes(htmlspecialchars($_POST["left_form"])) . '</br>HAS BEEN POSTED';

EDIT:

in response to your comment, if the text input is being stored into a database like mysql, try using the mysql_real_escape_string() function and stripslash() around that. otherwise have you tried this without the htmlspecialchars() function?

分享给朋友:
您可能感兴趣的文章:
随机阅读: