Thread: [resolved] PHP escaping my strings

Hello all, I have a form page which submits to a PHP page. The latter creates a text file, but is escaping my strings for some reason.


Here is my form page:

Code:

<form name="frmMain" action="write.php" method="post">
<textarea name="txtBody"></textarea>
<input type="submit">
</form>

Here is my processing page:

Code:

<?php
$filename = "output.txt";
$fp = fopen ($filename,"w") or die("Can't open file.");
	fwrite ($fp, $txtBody);
fclose ($fp);
?>

Now when I submit the following text:

bgcolor="#000000"

It comes out as:

bgcolor=\"#000000\"


Why is PHP escaping my strings? More importantly, how do I stop it?
Thanks!

PHP has feature called magic quotes. When activated all variables submitted to the PHP script via POST, GET or cookies, have meta characters (", ' and \) escaped automatically. Unfortunatley unless you have access to the PHP.ini file you cannot disable or enable magic quotes.

Therefore, PHP provides three functions that enable you to tell whether or not the string has been escaped by default:

get_magic_quotes_gpc() - returns 1 if magic quotes is on. Indicating meta characters in submitted data have been automatically escaped. If it returns 0 then magic quotes is disabled.

addslashes() - adds back slashes to the string supplied as an argument and returns the escaped string

stripslashes() - removes back slashes from the string supplied as an argument and returns the unescaped string.

So to remove these slashes added automatically you can use the following code:

PHP Code:

if (get_magic_quotes_gpc ()) // slahses added automatically
    $filename = stripslashes ($filename); // remove them