Getting slashed with backslahes 1

[sen5241b]

If I enter backslashes in the html form, each backslash is escaped with a another backslash. So H\E\L\L\O becomes H\\E\\L\\L\\O. The html form statement calls a PHP script that applies stipslashes. No backslashes are removed though. why? Important code is bolded.

HTML FILE

<html>
<body>

<style type="text/css">
h1 {font-size: 800%}
h2 {text-align: center; color: red; font-size: 300%}
h3 {font-size: 200%}
h4 {text-align: center; font-size: 120%}
h5 {text-align: center; font-size: 120%}
p {font-size: 100%}
h3 {font-family: times}

h2.pos_left
{

}
h2.pos_right
{
position:relative;
left:20px
}

div.figureleft {
  float: left;
  width: 25%;
  border: thin red solid;
  padding: 0.5em;  }

IMG.displayed {
    display: block;
    margin-left: auto;
    margin-right: auto }

  #clearbreak {
	clear: both; }

	</style>



<title>Enter Test String</title>

<body bgcolor="#33CCCC" lang=EN-US link=red vlink=purple style='tab-interval:
.5in'>

<H2> The website </H2>

<H4> Enter text </H4>

<H4>
[b]<form action="slashthing.php" method="post">[/b]
<span style="position: relative; LEFT: -20.5px">  Comment:  &nbsp; 
[b] <input type="text" 	 name="checkstr" [/b]
id="checkstr" value="" size="120" tabindex="1" >
<BR><BR>
<input type="hidden" name="lowestsev" 	id="lowestsev" value="1" tabindex="2" >  
<input type="hidden" name="quickcheck" 	id="quickcheck" value="0" tabindex="3" > 
<input type="submit" VALUE="Test" />
 </span>
 </form>
</H4>

</body>
</html>

PHP FILE

<?PHP
echo '  begin ';
echo 'before stripslashes checkstr=';
var_dump($_POST["checkstr"]);
[b]$checkstr = stripslashes($checkstr); [/b]
echo 'after stripslashes checkstr=';
var_dump($_POST["checkstr"]);
 ?>

still has double backslashes?!

 

[vacunita]

Lets take a look at your code shall we:

First:

echo '  begin ';
echo 'before stripslashes checkstr=';
var_dump($_POST["checkstr"]);

you echo your variable to see what's in it.
That's all fine and good.

$checkstr = stripslashes($checkstr);

but then you proceed to use the stripslashes function on a variable that as far as it knows doesn't exist. You should be getting a Warning here. I suppose what you want to do here is:

$checkstr = stripslashes([red]$_POST['checkstr'][/red]);

echo 'after stripslashes 
checkstr=';
var_dump($_POST["checkstr"]);

And then to finish it all off you proceed to echo out the very same variable that was submitted by the form. And that has not had anything at all done to it.

You should be doing:

echo 'after stripslashes 
checkstr=';
var_dump($checkstr);

By the way you don;t need to use var_dump unless you want all the extra information. If all you want is its contents you can just include the variable in your echo statement.

echo "after stripslashes 
checkstr= $checkstr";

notice the double quotes or:

echo 'after stripslashes 
checkstr=' . $checkstr;

Notice the concatenating period.




----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[sen5241b]

I'm surprised anyone even bothered to offer a solution for such a ridiculous error on my part. Thanks!

I am assuming the HTML form statement escaped the backslashes in order to successfully pass the backslashes in URL form to the PHP script, true?

 

[jpadie]

nope. you will have magic_quotes_gpc or magic_quotes_runtime turned on. you should turn this off.

http://fr.php.net/magic_quotes