    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    21
    Rep Power
    0

    A PHP problem in my site


    Hi,
    I have a problem with my site:
    articles4less. com/order

    In order to see what I'm talking about, please fill in this page an email address + general guidelines for all articles + subject+words for one article, then click 'continue', and then click 'edit' in the Shopping Cart.

    You will see that all the details are there, except for the 'General Guidelines for All Articles' field (textarea). Why is that?

    Here is the code of this field:

    Code:
    <textarea id="comments" name="comments" value="<?php
    if (isset($articleDetails['comments']) && $articleDetails['comments'] != NULL)
    echo $articleDetails['comments'];
    ?>"/></textarea>
    For comparison, here is the code of the email field:

    Code:
    <input type="text" id="email" name="email" class="mywidth" value="<?php
    if (isset($articleDetails['email']) && $articleDetails['email'] != NULL)
    echo $articleDetails['email'];
    ?>">
    Thanks,
    Steve
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,618
    Rep Power
    595
    First, please enclose your code in [ PHP ] tags. See the sticky at the top of this forum.

    Second, you have 2 different 'if' conditions so obviously one is failing the 'if' and the other is not. Did you echo those values to determine if they are what you expected?

    Third, see ManiacDan's New User Guide for tips and advice on how to debug these things yourself.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    Following your steps worked for me, except it escaped my input.

    You clearly have magic_quotes turned on, and you need to turn it off right now.

    You also need to escape any re-printed HTML output with htmlentities().
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Yes, I fixed that.
    I removed the value attribute for the <textarea>
    Thanks anyway.

    What do you mean by magic_quotes? What is it and how do I turn it off?

    Also, how do I use htmlentities()?
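
Added example (not part of any post in this thread): re-filling both fields through `htmlentities()`, with the textarea's text placed between its tags because `<textarea>` has no `value` attribute. The helper `e()` and the sample `$articleDetails` values are constructed for illustration.

```php
<?php
// Constructed sample data standing in for the site's $articleDetails array.
// Both values contain characters that would break the markup if echoed raw.
$articleDetails = [
    'email'    => '"Steve" <steve@example.com>',
    'comments' => "Don't use <b>bold</b> or a literal </textarea> tag.",
];

// Hypothetical helper: escape a stored value for use as HTML text or inside
// a quoted attribute. A missing or NULL key yields an empty string.
function e($data, $key)
{
    $value = isset($data[$key]) ? (string) $data[$key] : '';
    // ENT_QUOTES encodes single quotes as well as double quotes;
    // the charset is named explicitly rather than left to the default.
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}
?>
<input type="text" id="email" name="email" class="mywidth"
       value="<?php echo e($articleDetails, 'email'); ?>">

<!-- The initial text of a textarea goes between the tags, not in value="". -->
<textarea id="comments" name="comments"><?php echo e($articleDetails, 'comments'); ?></textarea>
```

The browser decodes the entities when it renders the form, so the user sees and resubmits the original text, not the encoded form.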
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Originally Posted by Stevejon
    What do you mean by magic_quotes? What is it and how do I turn it off?
    The manual is a good place to start.
    http://www.php.net/manual/en/securit....disabling.php
    Originally Posted by Stevejon
    Also, how do I use htmlentities()?
    The manual is a good place to start.
    http://php.net/manual/en/function.htmlentities.php

    Comments on this post

    • ManiacDan agrees : *sigh*
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    OK
    I'll read the manuals.
    Thanks.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    I turned off magic_quotes in php.ini, but the problem is still there. Why?
  14. #8
  15. Jealous Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,302
    Rep Power
    9400
    Did you restart the web server? Changes won't take effect until you do. And if that still doesn't change it, use phpinfo to see whether PHP thinks it's enabled or not (it outputs a lot so just search for "magic_quotes").
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    I don't think that I can restart the web server (the site is hosted on bluehost).

    Anyway, I used phpinfo and it seems that magic_quotes is off...
  18. #10
  19. Sarcky
    Devshed Supreme Being (6500+ posts)

    Something is putting slashes in your strings. Multiple slashes. Put the word "don't" in your text area and edit it 10 times. You'll end up with 20 slashes.
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Originally Posted by ManiacDan
    Something is putting slashes in your strings. Multiple slashes. Put the word "don't" in your text area and edit it 10 times. You'll end up with 20 slashes.
    Yes. I know. But why is this happening?
  22. #12
  23. Sarcky
    Devshed Supreme Being (6500+ posts)

    Magic_quotes or addslashes. Those are the only two functions which are dumb like that.

    Or maybe, maybe, you're using something like mysql_real_escape_string somewhere when you're not supposed to.
  24. #13
  25. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Here is my phpinfo so you can see that I turned off magic_quotes:

    http://www.articles4less. com/phpinfo.php

    How do I remove the addslashes function?

    Thanks...
  26. #14
  27. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    By the way, the data of this form is inserted into the database.
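
Added example (not part of any post in this thread): how an escaping function applied on every edit piles up backslashes in the same value, next to a round trip that keeps the raw text and hands it to the database through a prepared statement. The PDO/SQLite in-memory database, the `orders` table and the function name are assumptions; the thread does not say which database layer the site uses.

```php
<?php
// Constructed input, as typed into the textarea.
$typed = "don't";

// The pattern discussed in the thread: an escaping function runs each time
// the value is loaded into the form and submitted again.
function roundTripWithAddslashes($value, $edits)
{
    for ($i = 0; $i < $edits; $i++) {
        $value = addslashes($value);   // prefixes ' " \ and NUL with a backslash
    }
    return $value;
}

foreach ([1, 2, 3] as $edits) {
    $stored = roundTripWithAddslashes($typed, $edits);
    printf("%d edit(s): %-12s (%d backslashes)\n",
        $edits, $stored, substr_count($stored, '\\'));
}

// Alternative: keep the raw value and bind it as a statement parameter.
// An in-memory SQLite table (needs the pdo_sqlite extension) stands in
// for the site's real table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, comments TEXT)');

$value = $typed;
for ($i = 0; $i < 3; $i++) {
    // Save: the value travels as a bound parameter, never spliced into SQL.
    $save = $db->prepare('REPLACE INTO orders (id, comments) VALUES (1, :c)');
    $save->execute([':c' => $value]);
    // Load for the next edit: the text comes back exactly as stored.
    $value = $db->query('SELECT comments FROM orders WHERE id = 1')->fetchColumn();
}
printf("prepared statement, 3 edits: %s (%d backslashes)\n",
    $value, substr_count($value, '\\'));
```

With bound parameters the stored text never needs `addslashes()` or manual unescaping; HTML escaping is applied separately, only when the value is printed back into the page.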
  28. #15
  29. Sarcky
    Devshed Supreme Being (6500+ posts)

    It's irrelevant where it goes eventually; all that matters is what you do to it before it goes into your details array. Do you call any escaping function on it when you build that array?