Code Forums - View Single Post

NirTivAal · 12-03-2003, 07:37 AM

OK, here's essentially what I'm doing. There's other stuf that goes on that's unrelated to writing the file

PHP Code:

  $article = addslashes($article)

$full_article = "<h2>$title</h2>\nBy: <a href=\"mailto:$email\">$name</a><br />\n$date<br /><br />\n$article\n<br /><br /><span class=\"final\"><b>Final grade: $rating</b></span>";

$file = fopen("$dir/$articlenum.php", "w");

fwrite($file, $full_article);

fclose($file);

The variables $title, $article, and $rating, are all submitted by the user.
Because these people won't know any HTML or PHP, I can't rely on them to escape characters themselves (not that it works that way anyways)
The fwrite command works perfectly fine as long as you don't use the double quotes. Using addslashes doesn't seem to be making a difference.

12-03-2003, 07:37 AM	#7 (permalink)
NirTivAal Registered User Join Date: Oct 2003 Posts: 11	OK, here's essentially what I'm doing. There's other stuf that goes on that's unrelated to writing the file PHP Code: `$article = addslashes($article) $full_article = "<h2>$title</h2>\nBy: <a href=\"mailto:$email\">$name</a><br />\n$date<br /><br />\n$article\n<br /><br /><span class=\"final\"><b>Final grade: $rating</b></span>"; $file = fopen("$dir/$articlenum.php", "w"); fwrite($file, $full_article); fclose($file);` The variables $title, $article, and $rating, are all submitted by the user. Because these people won't know any HTML or PHP, I can't rely on them to escape characters themselves (not that it works that way anyways) The fwrite command works perfectly fine as long as you don't use the double quotes. Using addslashes doesn't seem to be making a difference.