Title: HTML escape strings
Last Modified: 05.01.2008
I haven't got down to business on "magic quotes" but this is a beggining of my expose'. First I make a form that submits to itself. Lets call it "escape.php" and the contents would be.
<form action='escape.php' method='POST' name='escapeform'>
Input Code:
<textarea name='escapeme' rows='5' cols='55'><?
echo $oldtext;
?></textarea>
Output Code:
<textarea name='escaped' rows='5' cols='55'><?
echo $newtext;
?></textarea>
<input type='submit'/>
</form>
Now we have a self submitting php form so I put my php code in the head and it looks like this:
<?
$oldtext = stripslashes($_POST['escapeme']);
$newtext = str_replace('&','&',htmlspecialchars($oldtext));
?>
And voila, you click submit and you get escape strings back. you can view it here. Notice the three PHP functions I use. "stripslashes()" gets rid of '\' on your quotes and "htmlspecialchars()" of course escapes all of your special characters, while the "str_replace()" finishes the job so that the "&" doesn't make your escape strings display as the value you need. Another page that does this with some more features is here:
and I used this page for reference.