sjaakdelul
IS-IT--Management
I've this form:
<html>
<head>
</head>
<body>
<?
switch ($target)
{
case "":
stap3();
break;
case "stap31":
stap31();
break;
case "stap310":
stap310();
break;
case "stap4":
stap4();
break;
}
function stap3()
{
?>
<form name="form1" method="post" action="test.php?target=stap31">
<input name="diagnose" type="text" id="diagnose" size="15">
<input type="submit" name="Submit" value="ga verder-->">
</form>
<?
}
function stap31 ()
{
?>
<form name="form1" method="post" action="test.php?target=stap310">
<? echo "<input type=hidden name=diagnose value='" . htmlspecialchars($_POST['diagnose']) . "'>"; ?>
<input name="naam2" type="text" id="naam2" size="15">
<input type="submit" name="Submit" value="ga verder-->">
</form>
<?
}
function stap310 ()
{
?>
<form name="form1" method="post" action="test.php?target=stap4">
<? echo "<input type=hidden name=diagnose value='" . htmlspecialchars($_POST['diagnose']) . "'>"; ?>
<? echo "<input type=hidden name=naam2 value='" . htmlspecialchars($_POST['naam2']) . "'>"; ?>
<input name="naam3" type="text" id="naam3" size="15">
<input type="submit" name="Submit" value="ga verder-->">
</form>
<?
}
function stap4 ()
{
echo $_POST[diagnose];
echo"\n";
echo $_POST[naam2];
echo"\n";
}
?>
</body>
</html>
It's quit simple.
The problem is that PHP turns the input
"hey" into \\\\\\\"hey\\\\\\\"
I've heard to use strip-slashes, but I don't understand it.
magic_quotes_gpc is set 'on' in the ini file.
Now, I am using htmlspecialchars, but for form to form data tossing with magic quotes on htmlspecialchars fails, because it will then translate the ampersands into &s;
I've tried this code:
$apos = "'";
$quot = """;
if($products){
while (list ($key, $val) = each($products)) {
$products[$key] = str_replace("'",$apos,stripslashes($val));
$products[$key] = str_replace('"',$quot,stripslashes($val));
}
reset($products);
}
This is not working for me. But I think I've used it at the wrong way ...
Does someone knows how to use strip-slashes at the good way??
Thx!
<html>
<head>
</head>
<body>
<?
switch ($target)
{
case "":
stap3();
break;
case "stap31":
stap31();
break;
case "stap310":
stap310();
break;
case "stap4":
stap4();
break;
}
function stap3()
{
?>
<form name="form1" method="post" action="test.php?target=stap31">
<input name="diagnose" type="text" id="diagnose" size="15">
<input type="submit" name="Submit" value="ga verder-->">
</form>
<?
}
function stap31 ()
{
?>
<form name="form1" method="post" action="test.php?target=stap310">
<? echo "<input type=hidden name=diagnose value='" . htmlspecialchars($_POST['diagnose']) . "'>"; ?>
<input name="naam2" type="text" id="naam2" size="15">
<input type="submit" name="Submit" value="ga verder-->">
</form>
<?
}
function stap310 ()
{
?>
<form name="form1" method="post" action="test.php?target=stap4">
<? echo "<input type=hidden name=diagnose value='" . htmlspecialchars($_POST['diagnose']) . "'>"; ?>
<? echo "<input type=hidden name=naam2 value='" . htmlspecialchars($_POST['naam2']) . "'>"; ?>
<input name="naam3" type="text" id="naam3" size="15">
<input type="submit" name="Submit" value="ga verder-->">
</form>
<?
}
function stap4 ()
{
echo $_POST[diagnose];
echo"\n";
echo $_POST[naam2];
echo"\n";
}
?>
</body>
</html>
It's quit simple.
The problem is that PHP turns the input
"hey" into \\\\\\\"hey\\\\\\\"
I've heard to use strip-slashes, but I don't understand it.
magic_quotes_gpc is set 'on' in the ini file.
Now, I am using htmlspecialchars, but for form to form data tossing with magic quotes on htmlspecialchars fails, because it will then translate the ampersands into &s;
I've tried this code:
$apos = "'";
$quot = """;
if($products){
while (list ($key, $val) = each($products)) {
$products[$key] = str_replace("'",$apos,stripslashes($val));
$products[$key] = str_replace('"',$quot,stripslashes($val));
}
reset($products);
}
This is not working for me. But I think I've used it at the wrong way ...
Does someone knows how to use strip-slashes at the good way??
Thx!