0

My php code to edit a text document is adding a backslash anywhere a ' or a " is used and I can't figure out why. Anybody ever ran into this before? How did you fix it?

<? 
if($_POST['Submit']){ 
$open = fopen("../content.txt","w+"); 
$text = $_POST['update']; 
fwrite($open, $text); 
fclose($open); 
echo "File updated.<br />";  
echo "File:<br />"; 
$file = file("../content.txt"); 
foreach($file as $text) { 
echo $text."<br />"; 
} 
}else{ 
$file = file("../content.txt"); 
echo "<form action=\"".$PHP_SELF."\" method=\"post\">"; 
echo "<textarea Name=\"update\" cols=\"50\" rows=\"10\">"; 
foreach($file as $text) { 
echo $text; 
}  
echo "</textarea>"; 
echo "<input name=\"Submit\" type=\"submit\" value=\"Update\" />\n 
</form>"; 
} 
?>

So when I type for instance

<a href="index.php">Home</a>

It saves looking like this

<a href=/"index.php/">Home</a>

Output

After save

chris85
  • 23,846
  • 7
  • 34
  • 51
OzzmanFloyd120
  • 11
  • 1
  • 2
    Your text editor or PHP is adding the slashes? If PHP you must be using an older version with magic quotes on. – chris85 Aug 03 '16 at 02:55
  • I'm not sure what you mean. I'm still kinda new to PHP. I added pictures of what it's doing so you all could see tho. – OzzmanFloyd120 Aug 03 '16 at 03:14
  • Yea, that is magic quotes in that case. There are many threads on how to disable that. Here's one: http://stackoverflow.com/questions/517008/how-to-turn-off-magic-quotes-on-shared-hosting Depending on who you are allowing to comment like this you also might be open to XSS injections. – chris85 Aug 03 '16 at 03:19
  • That worked great. Thanks a lot! – OzzmanFloyd120 Aug 03 '16 at 03:51

0 Answers0