Quotes being escaped in form data?

[Pooh22]

Hi,<br><br>I'm new to PHP, but I know a lot of Perl (5 years, playing in my spare time).<br><br>Anyway, I'm playing with a simple guestboard-script (see below) and <br>everything can be submitted, except quotes (&quot; and '), they are escaped like: \&quot; or \'<br><br>this creates problems when a URL is submitted like: <br>&lt;a href=&quot;url&quot;&gt;blah&lt;/a&gt;<br>it comes out as: &lt;a href=\&quot;url\&quot;&gt;blah&lt;/a&gt;<br>which doesn't work.<br>leaving the &quot;'s does work, but that isn't intuitive (from the user's <br>perspective)<br><br>What am I doing wrong?<br><br>Cheers<br><br>Simon<br><br>----- php code below ----<br><br>&lt;?<br>/* <br><br>annotate.php3&nbsp;&nbsp;<br><br>This is a module that can be placed on any php3 page to allow users to <br>add <br>their comments. The comments are stored in a file in the current <br>directory, <br>whose name is constructed by adding &quot;.comment&quot; to the calling page's <br>name, <br>and merged into the calling page dynamically. (The calling page is not <br>modified.) <br><br>I wrote this because I wanted a simple way to add this functionality to <br>my <br>pages without requiring that mySQL be available. <br><br>In the message input, blank lines are converted to paragraph tags. No <br>other <br>conversions are applied. If you don't want your users to be able to <br>input <br>html, uncomment the &quot;strip_tags&quot; line. <br><br>Note that the directory must be writable by the web server. <br><br>Put this module in some convenient location and then embed it in your <br>pages <br>like so: <br><br>require(&quot;/some/full/path/annotate.php3&quot; <br>or, relative to the docroot: <br>require($DOCUMENT_ROOT . &quot;/relativepath/php3&quot; <br><br>Steve Yelvington &lt;<A HREF="mailto:steve@yelvington.com">steve@yelvington.com</A>&gt; <br>*/ <br>$commentdir = &quot;annotate/&quot;;<br>$commentfile = $commentdir . basename($PHP_SELF) .&nbsp;&nbsp;&quot;.comment&quot;;<br>/* print &quot;&lt;br&gt;&lt;b&gt;$commentfile&lt;/b&gt;&lt;br&gt;&quot;; */<br><br>if ($message) <br>&nbsp;&nbsp;&nbsp;&nbsp;{ <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/* uncomment the next two lines to strip out html from input */ <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/* $name = strip_tags($name); */ <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;/* $message = strip_tags($message); */ <br>&nbsp;&nbsp;&nbsp;&nbsp;$message = ereg_replace( &quot;\r\n\r\n&quot;,&nbsp;&nbsp;&quot;\n&lt;P&gt;&quot;, $message); <br>&nbsp;&nbsp;&nbsp;&nbsp;$message = ereg_replace( &quot;\r\n&quot;,&nbsp;&nbsp;&quot;\n&lt;BR&gt;&quot;, $message); <br>&nbsp;&nbsp;&nbsp;&nbsp;$date = date( &quot;l, F j Y, h:i a&quot; <br>&nbsp;&nbsp;&nbsp;&nbsp;$message =&nbsp;&nbsp;&quot;\n&lt;p&gt;&lt;B&gt;$name &lt;/B&gt; -- $date&lt;/p&gt;\n&lt;P&gt;$message <br>&lt;/P&gt;\n&lt;HR&gt;\n\n&quot;; <br>&nbsp;&nbsp;&nbsp;&nbsp;$fp = fopen ($commentfile,&nbsp;&nbsp;&quot;a&quot; <br>&nbsp;&nbsp;&nbsp;&nbsp;fwrite ($fp, $message); <br>&nbsp;&nbsp;&nbsp;&nbsp;fclose ($fp);<br>&nbsp;&nbsp;&nbsp;&nbsp;print &quot;&lt;P&gt;&lt;B&gt;bericht:&lt;/b&gt;&lt;/p&gt;\n&lt;p&gt;$message&lt;/p&gt;&lt;p&gt;Toegevoegd&lt;/p&gt;\n&quot;;<br>&nbsp;&nbsp;&nbsp;&nbsp;print &quot;&lt;hr&gt;&lt;p&gt;&lt;a href=\&quot;&quot;. basename($PHP_SELF) . &quot;\&quot;&gt;Klik hier om <br>het hele board te zien&lt;/a&gt;&quot;; <br>&nbsp;&nbsp;&nbsp;&nbsp;} <br>else {<br>&nbsp;&nbsp;&nbsp;&nbsp;@readfile($commentfile); <br>}<br>?&gt; <br>&lt;P&gt;<br>&lt;FORM method=&quot;post&quot;&gt; <br>&lt;b&gt;Naam:&lt;/b&gt;&lt;BR&gt;&lt;INPUT name=&quot;name&quot; type=&quot;text&quot; size=&quot;55&quot;&gt;&lt;BR&gt; <br>&lt;b&gt;Bericht/opmerking:&lt;/b&gt;&lt;BR&gt;&lt;TEXTAREA name=&quot;message&quot; rows=10 cols=55 <br>wrap=virtual&gt; <br>&lt;/TEXTAREA&gt;&lt;BR&gt; <br>&lt;INPUT name=&quot;submit&quot; type=&quot;submit&quot; value=&quot;Post your comments&quot;&gt; <br>&lt;/FORM&gt; <br>

 

[Pooh22]

I've already solved it myself, using the function: stripslashes did the trick!