Help - Search - Members - Calendar
Full Version: Help with the evil slashes
MSFN Forums > Coding, Scripting and Servers > Web Development (HTML, Java, PHP, ASP, XML, etc.)

   
Google Internet Forums Unattended CD/DVD Guide
Idontwantspam
Aug 21 2007, 01:10 PM
OK, here's my problem. I have a php form that submits an email with the text the user specifies, and it works fine except that all of the \ symbols and ' symbols have a \ before them. Is there any way to stop this? It happens with any form element submitted to a form. For example:

This is part of "form.html"
CODE

<form action="example.php" method="post">
<input type="text" value="" id="example1" name="example1" />
<input type="submit" value="Submit" id="example2" name="example2" />
</form>

The text field "example1" gets filled in with
QUOTE
Example: \ '


And then there's example.php:
CODE

<?php echo $_POST["example1"] ?>


Which will display:

QUOTE
Example: \\ \'


How can I stop this???
ripken204
Aug 21 2007, 02:09 PM
well there is more code that you are leaving out, i need to see that instead of the examples.
my guess is that you are doing
CODE
<input value=$_POST["example1"]  />
and this could cause problems with the slash, make sure to do
CODE
<input value="$_POST['example1']"  />



CODE
<?=$_POST["example1"] ?>
<form action="<?=$_SERVER[php_self]?>" method="post">
<input type="text" value="" id="example1" name="example1" />
<input type="submit" value="Submit" id="example2" name="example2" />
</form>


this works perfectly for me..
Idontwantspam
Aug 22 2007, 09:40 AM
I'm not sure I understand your reply. This happens with any form element getting processed in any way by php. Here is a full-document example.

page1.html:
CODE
<html>
<head>
<title>Example</title>
</head>
<body>
<p>This is an example.</p>
<form action="example.php" method="post">
Your name is: <input type="text" value="" id="yourname" name="yourname" />
</form>
</body>
</html>


example.php
CODE
<html>
<head>
<title>My name is <?php echo $_POST["yourname"] ?></title>
</head>
<body>
Hello, <?php echo $_POST["yourname"] ?>. Welcome to this example page!
</body>
</html>


Now, say for example, someone's name is John O'rielly. Well, example.php would display the html code as follows:

CODE
<html>
<head>
<title>My name is John O\'rielly</title>
</head>
<body>
Hello, John O\'rielly. Welcome to this example page!
</body>
</html>


What I want to do is prevent it from showing that backslash. Does that explain it better? I hope?
Idontwantspam
Aug 22 2007, 10:20 AM
Never mind. I figured it out now. I need to put stripslashes() around the text before processing it.
ripken204
Aug 22 2007, 10:21 AM
oh now why didnt u just say O'Reilly before! lol. i had the same problem when i was doing a database with a name entry system a few months ago smile.gif
Idontwantspam
Aug 22 2007, 01:12 PM
QUOTE (ripken204 @ Aug 22 2007, 09:21 AM) *
oh now why didnt u just say O'Reilly before! lol. i had the same problem when i was doing a database with a name entry system a few months ago smile.gif

Sorry. blushing.gif I guess I didn't give a good example. Oh well, thanks for trying anyway!
..And no, my name is not O'Rielly. rolleyes.gif

--------------

Now I have a new question. How can I make a link to a file so that it will download the file rather than open it in the browser? For example, if there's a PDF document on a site and I link to it using the standard <a href="... method, it just opens in the window specified by target=. Is there a value for target= that will specify download, or some other option like that? Thanks in advance. newwink.gif
ripken204
Aug 22 2007, 07:17 PM
i dont think that there is a way, i think it's more dependant on the browser..
Idontwantspam
Aug 22 2007, 09:16 PM
Well, I don't think so, actually. For example, if someone uploads an attachment to MSFN that is in .html format, clicking on the link to it opens the download dialog; it doesn't open the html file. I'll go look at the source for some pages that offer download rather than direct links and see if I can figure it out.
ripken204
Aug 22 2007, 10:15 PM
maybe something with javascript..
Idontwantspam
Aug 23 2007, 02:05 PM
According to everything I've found, it's not possible. sad.gif
Chozo4
Aug 23 2007, 10:19 PM
That can be done through php with the use of Header() andn changing the content disposition. The info for that and more can be found at http://www.php.net/manual/en/function.header.php

Here is one of the examples that may be relevant to your needs.
CODE
Example 1578. Download dialog

If you want the user to be prompted to save the data you are sending, such as a generated PDF file, you can use the » Content-Disposition header to supply a recommended filename and force the browser to display the save dialog.

<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
readfile('original.pdf');
?>


Be sure to read some of the user contributed notes for more hints and ideas on how to use this method to it's fullest with other file formats as well. smile.gif
Zxian
Aug 24 2007, 02:10 AM
Just another useful note - what Chozo4 posted can also be used to prevent hotlinking of files. Checking wether or not a session variable has been set (you set it from the main page) within that download.php file (or whatever you call it) will prevent hotlinking.
Idontwantspam
Aug 24 2007, 09:33 AM
OK, thanks. One question about that, how would I actually make a link to the download? Where does the <a href=... go?
ripken204
Aug 24 2007, 11:29 AM
well it would be best to make a function out of it so that you could reuse it

you would call it by doing:
CODE
<a target="_blank" href="<?=download('file.pdf');?>">text</a>


then the function would be:
CODE
<?
  function download($file){
    header('Content-type: application/pdf');
    header('Content-Disposition: attachment; filename=$file');
    readfile($file);
  }
?>


edit:
now you will have to make the link open a new page as well because when you do header() it has to be the first thing on the page, nothing can display on the page before you call it. so i added in the target=_blank

this should work, i just wrote it out here and didnt test it..
Idontwantspam
Aug 24 2007, 02:17 PM
OK, thanks, I'll try that.
Thanks for your help everyone! thumbup.gif
Chozo4
Aug 26 2007, 05:31 AM
Ripken has the idea but he's mixing the idea of php with javascript. You cannot call a php (serverside) function directly from html or javascript (clientside).

Download.php
CODE
<?
    //NOTE: I took the liberty to make it a slight bit more secure.
    //By preventing outsiders from downloading anything they want
    //through adding a path to any other folder on your webserver
    //or even worse abusing it to use the page as an http-proxy.


    //Collect the passed filename from $_GET['file'] and then
    //strip out any paths to avoid the client from downloading
    //anything they want from outside the directory this script is in.
    $file=preg_replace('#.*[/\\\]#','',$_GET['file']);

    //Insert here the path to your files folder or leave empty for
    //script-root. For example: $path='myfiles/folder/is/here/';
    $path='';

    //check if the file exists - if not then stop executing
    if(!file_exists("$path$file")) die('File does not exist');

    //send the neccessary headers since the file clears as existing
    header('Content-type: application/pdf');
    header('Content-Disposition: attachment; filename=$file');

    //Read the file in and send
    readfile($file);
?>


We would then call the script from the client (your html webpage or whatnot) by using this:
CODE
<a href='download.php?file=whateverfile.pdf'>


As mentioned nothing needs to be on the page for the header parts to work but that means that no output can be sent before calling them in the php script itself (code is fine without output). It doesnt matter what page is already loaded but rather what's sent from the script. smile.gif

Also, I could have hardened the code more to only accept PDF extensions but I didn't want to make it too much to handle.
ripken204
Aug 26 2007, 08:24 AM
crap ur right, the way i do that type of stuff is that i have a process.php file where any processes such as dloading or logging in would take place, just so that i dont have 20 different files for each process.

CODE
<a href='process.php?action=download&file=whateverfile.pdf'>

so i would have to call it like that then use your script

then this is how the process.php file would look:
CODE
<?
    if($_GET['action']=='download'){
     $file=preg_replace('#.*[/\\\]#','',$_GET['file']);
     $path='';
     if(!file_exists("$path$file")) die('File does not exist');
     header('Content-type: application/pdf');
     header('Content-Disposition: attachment; filename=$file');
     readfile($file);
    }
?>
Google Internet Forums Unattended CD/DVD Guide
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.