backslashes added to quotes when reading from form
From: paul (paul_at_not.net)
Date: 11/30/04
Date: Tue, 30 Nov 2004 09:41:34 -0800
The following code reads user input from a textbox on a form and writes
it to a text file:

    # extract comments from input box to text file
    $handle = fopen ("$basename.txt", "w+");
    fwrite ($handle, $_POST["comment"]);
    fclose ($handle);

If the text includes a single or double quote, it gets a backslash added
automatically in this process. I think this is some kind of security
measure but this only runs at home so I'm not worried about hackers.
Surprisingly though, my web hosting service does allow me to run it
publicly, so I probably should be aware of how to strip malicious code
from such input as it would be nice to allow visitors to leave comments
as well.
Thanks!
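
An added example, not part of the original post: the backslashes described above come from PHP's magic_quotes_gpc setting (removed in PHP 5.4), and this sketch undoes them, stores the comment as typed, and escapes it only when it is shown in an HTML page. The function names, the comments/ directory (assumed to exist and be writable) and the file-name pattern are assumptions made for the example.

```php
<?php
// Added example; function names and the comments/ directory are assumptions.

// Undo the backslashes that magic_quotes_gpc (PHP < 5.4) adds to form input.
function raw_post_value($value)
{
    // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Restrict the file name to a fixed character set so it cannot leave $dir.
function comment_path($dir, $basename)
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $basename)) {
        return false;
    }
    return rtrim($dir, '/') . '/' . $basename . '.txt';
}

// Store the comment exactly as typed; escaping belongs to the output step.
function save_comment($dir, $basename, $comment)
{
    $path = comment_path($dir, $basename);
    if ($path === false) {
        return false;
    }
    return file_put_contents($path, $comment, LOCK_EX) !== false;
}

// Escape when the stored text is placed into an HTML page, so any markup
// or script a visitor typed is displayed as text instead of being run.
function render_comment($path)
{
    $text = file_get_contents($path);
    return nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

if (isset($_POST['comment']) && is_string($_POST['comment'])) {
    $comment = raw_post_value($_POST['comment']);
    // 'guestbook' is a constructed sample name; in the post it is $basename.
    if (save_comment(__DIR__ . '/comments', 'guestbook', $comment)) {
        echo render_comment(comment_path(__DIR__ . '/comments', 'guestbook'));
    }
}
```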