1

In my code I am having PHP write a variable into a text file.

$stringData = '<p class="blogcontent">' . $content . '</p>';
fwrite($fh, $stringData);

The variable $content includes this <img src="bpictures/blue.jpg" width="200" />

But when the variable is written in to the text file this is written into it.

<img src=\"bpictures/blue.jpg\" width=\"200\" />

And it causes the image not to work when returned into html. I have tried using echo stripslashes($content); but that doesn't work, Is there any way that I can write into the text file just the straight code that I have in the variable? I can't find an answer on Google.

How content is made.

<span class="addblog">Content (Include img tags from below):</span> <textarea cols="90" rows="50" name="bcontent">  </textarea> <br />

On submit.

$content = $_POST["bcontent"];

There is much more to the code but this is all that effects content for the most part.

Spencer May
  • 4,266
  • 9
  • 28
  • 48
  • 2
    Can we see how you retrieve `$content` and what you do to it, before you put it into `$stringData`? – Litty Jun 03 '12 at 20:10
  • 1
    did you try `$stringData = '

    ' . stripslashes($content) . '

    ';`     – Prasenjit Kumar Nag Jun 03 '12 at 20:11
  • 1
    Yes, I agree. I feel like magic quotes is on, and then its escaped again, meaning two escapes. But hard to tell unless we see how you filtered the things to begin with. – Andy Jun 03 '12 at 20:12
  • 1
    And do the quotes in `'

    '` get escaped in the file? If not, `$content` does not contain what you claim it does. `fwrite()` does not add slashes.

     – CodeCaster Jun 03 '12 at 20:13
  • Maybe it is when the form submits it adds the slashes? I never thought about that...sorry – Spencer May Jun 03 '12 at 20:15

1 Answers1

3

The problem is that you have magic_quotes enabled.

If you can't disable them on the php.ini, you can use this function I found here on stackoverflow a while ago, to disable then at run time:

<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_gpc(&$value)
    {
        $value = stripslashes($value);
    }
    array_walk_recursive($_GET, 'stripslashes_gpc');
    array_walk_recursive($_POST, 'stripslashes_gpc');
    array_walk_recursive($_COOKIE, 'stripslashes_gpc');
    array_walk_recursive($_REQUEST, 'stripslashes_gpc');
}
?>

Found the original post related to this subject, here!

There are other solutions present there, but this was the one I've used.

EDITED

From the above link a simple solution to deal with the $_POST:

if (get_magic_quotes_gpc()) {
  $content = stripslashes($_POST['bcontent']);
}else{
  $content = $_POST['bcontent'];
}
Community
  • 1
  • 1
Zuul
  • 16,217
  • 6
  • 61
  • 88