2

Oops! I figured it out. Had to strip slashes...

Hello, I have the following code to edit my configuration file in the browser. The file content is retrieved and displayed in a text box. Then the edits are saved back into the file. Everything works fine on my development machine but in my hosting account it does not work.

When I save the file, all single quotes are over written adding a backslash in front of them.

How can I change my code to prevent this? Thank you!

<?php
// button javascript
$save_changes_js = "return confirm('Do you want to SAVE the CHANGE(S)?');";

// open web config
$filename = ROOT_PATH.'web.config.php';
$contents = file_get_contents($filename);

if(isset($_POST['txbConfig']) && !empty($_POST['txbConfig']))
{
    // save changes to file
    $changes = $_POST['txbConfig'];
    file_put_contents($filename,$changes);

    // refresh page
    $destination_url = SITE_URL.'admin/edit-config.php';
    header('Location:'.$destination_url);
}
?>

<form action="" method="post" name="editConfig" class="htmlForm">
  <div class="editConfigWrap">
    <textarea name="txbConfig"><?php echo $contents ?></textarea>
  </div>
  <input name="submit" type="submit" value="Save Changes" class="gvbtn" onclick="<?php echo $save_changes_js; ?>">
</form>
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555

2 Answers2

0

You've got 'magic quotes' turned on. They are anything but magic.

You can detect this setting and undo the magic by checking for it with get_magic_quotes_gpc or get_magic_quotes_runtime, e.g.

$value=get_magic_quotes_gpc()?stripslashes($_REQUEST['value']):_REQUEST['value'];
Paul Dixon
  • 295,876
  • 54
  • 310
  • 348
0

This happens because your ISP still has Magic Quotes turned on. Ideally, get them to turn it off or find a way to configure it for your account.

If this can't be done, you need to use stripslashes or equivalent. See this other SO question: How to turn off magic quotes on shared hosting?

Community
  • 1
  • 1
Brad
  • 159,648
  • 54
  • 349
  • 530