special characters (mostly apostrophes) in PHP



instanteggrolls
July 14th, 2007, 06:40 PM
Ok, so I'm hoping that my problem is a simple one to solve, but I can't seem to find a solution anywhere. I'm just hoping that some of the brilliant Kirupa minds will be able to produce results for me. Here's what I'm doing:

I'm trying to build a "blog" using Flash and PHP, using a text file as my "database". So far it's working, I can post (change the text file via my PHP script, using Flash as the front end), but I'm running into a problem when the post contains a single or a double quote (' or "). Instead of getting the ' or " outputted back into my blog reader page, I get a \ before them (i.e. - \' or \").

This causes a two tiered problem because I can't use anchor tags to add hyperlinks in the posts and the posts can't contain apostrophes. This could easily be overcome if I just edit the text file directly and reupload it to the server. But I'd like to have the ability to allow several users to post. My PHP code looks like this:



<?php
$blogText = $_POST["blog"];
$file = fopen("blog.txt", "w+");
fwrite($file, "blog=".$blogText);
fclose($file);
?>

Keep in mind that this code is functional. I just need to figure out a way to change either the incoming or outgoing string in order to get rid of the slashes and display the text as it is entered. I appreciate any help I can get. Thanks.

edit: removed links

instanteggrolls

PS - I'm not a PHP whiz, so if you can offer some snippet of code, or a dumbed-down solution, that would be most helpful. Thanks in advance.

Voetsjoeba
July 14th, 2007, 07:32 PM
It's likely that this is caused by PHP's magic_quotes_gpc and magic_quotes_runtime settings. Basically what they do is add slashes to all POST, GET and COOKIE data (magic_quotes_gpc) and to all data from external sources like text files and databases (magic_quotes_runtime). You can easily check whether these settings are activated using get_magic_quotes_runtime and get_magic_quotes_gpc.

magic_quotes_runtime defaults to off, but it's best to be sure and turn it off explicitly anyway. This can easily be done as such:


set_magic_quotes_runtime( 0 );

Unfortunately though, there is no way to turn magic_quotes_gpc off at runtime. You'll have to edit it out in php.ini or use a .htaccess file to set a php_flag.

There is a way to cancel out the effect of magic_quotes_gpc by using stripslashes, but it has a few specific side effects that need to be corrected when using it.

So I'd first advise you to contact your host to see if you can get the setting changed in php.ini. If that fails, try using the php_flag directive in a .htaccess file:


php_flag magic_quotes_gpc off

If that fails too, report back here =)

instanteggrolls
July 14th, 2007, 09:02 PM
It sounds like that could work. I knew I needed to turn off the magic quotes stuff. But I'm not really sure what steps I need to take. I looked up where my php.ini file is located on my host server. In the FAQ it said that if I don't have a php.ini already in my home folder, I need to create one. If you happen to know how to do that, I'd love a quick run through. I suppose I essentially have total control over that file. And if nothing else, I'd like to know how to set up that htaccess file. At this point, I'm coming across as a newb, and I won't try to deny it. :) I'd like to get this working though. And I appreciate your help.

instanteggrolls

Voetsjoeba
July 15th, 2007, 06:28 AM
Creating a php.ini yourself could get a bit tricky. The thing is that you need to work from a template (unless you know all the possible settings by heart), but the template you choose might completely override your host's default settings, possibly creating more problems than it will solve. So you should ask your host if you could get a copy of their default php.ini file to modify to your own needs, so that everything stays the same except magic_quotes.

The .htaccess flag will not always work depending on your host's configuration, but you can give it a shot anyway. So what you do is this: in the directory that contains your PHP script(s), create a text file called .htaccess, exactly as you see it in bold (that includes the dot at the beginning). Save this into it:


php_flag magic_quotes_gpc off

Then check get_magic_quotes_gpc and get_magic_quotes_runtime in your script again to see if it worked. If it did, great, if not, you'll have to solve it using php.ini.

On a side note, if it works and you want to apply this for all your scripts, I'm not sure if you need to put the same .htaccess file in every folder that contains PHP files or if a .htaccess file on the topmost level will be inherited by subfolders. You'll just have to try and find out.

instanteggrolls
July 15th, 2007, 09:04 AM
Thanks so much. The .htaccess file didn't work. It kept giving me a server error. But I read a little more into my host's directions on creating a php.ini file. It said that I don't have to create a full php.ini file, just that I needed to add the directives that I wanted to change. So I created a new ini with:



magic_quotes_gpc = 0

And presto: no more slashes in front of my quotes or apostrophes. Thank you so much for your help.

instanteggrolls.

Sliker_Hawk
July 15th, 2007, 09:56 AM
Surely it's more secure to use this?

$blogText = stripslashes($_POST["blog"]);

That's what I've always been told...
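Added example, not part of any post in this thread: a stripslashes call that only runs when magic_quotes_gpc is actually on, so the script behaves the same whichever way the host is configured. stripslashes only restores what the user typed; it does not sanitise it. The function names and the sample strings are made up for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// True only where the magic_quotes_gpc feature exists and is switched on.
// The check function was removed in PHP 8.0, hence function_exists();
// "@" hides the deprecation notice PHP 7.4 raises for it.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Undo the added slashes, recursing into arrays (e.g. name="tags[]" fields).
// When $active is false the value is returned untouched, so backslashes the
// user really typed are not eaten.
function undo_magic_quotes($value, $active)
{
    if (!$active) {
        return $value;
    }
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = undo_magic_quotes($item, $active);
        }
        return $value;
    }
    return stripslashes($value);
}

// Constructed sample: what $_POST["blog"] holds with magic quotes on
// after the user typed:  It's a "test" of C:\blog
$escaped = 'It\\\'s a \\"test\\" of C:\\\\blog';
// The same post as it arrives with magic quotes off.
$clean = 'It\'s a "test" of C:\\blog';

var_dump(undo_magic_quotes($escaped, true) === $clean); // added slashes removed
var_dump(undo_magic_quotes($clean, false) === $clean);  // clean input left alone
var_dump(stripslashes($clean) === $clean);              // unconditional call on clean input

// Use in the posting script from the first post:
$raw = isset($_POST["blog"]) ? $_POST["blog"] : '';
$blogText = undo_magic_quotes($raw, magic_quotes_active());
```

The third check shows why the call is made conditional: with magic quotes off, a plain stripslashes drops the backslash the user typed in C:\blog.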

joran420
July 15th, 2007, 02:01 PM
or you could do a str replace thing and change ' to &apos; and < &gt;

hl
July 15th, 2007, 02:32 PM
I'd recommend stripslashes myself.

instanteggrolls
July 16th, 2007, 08:32 AM
Yeah, I think I'm going to try stripslashes again. I think I was using incorrect syntax before. Thanks for the input, guys.