Jump to content

Help with slashes appearing before quote marks

damion

By damion
in PHP Coding Help

 Share

Recommended Posts

damion Member

damion

Posted
Posted

Hi all,

 

 

I have an issue on a form that when it gets submitted a slash '/' appears before every quote symbol.

I had help solving the issue on one of the fields (the name field), but then later it was discovered that the slashes appear in all the fields whenever a quote was used (agreed, poor testing).

 

Can someone be so good to help me solve this? My php knowledge is not so great which is exactly why I'm asking here :)

Please see my code below. If this problem can be solved in the same manner as the name field was solved, then there are 2 files which will need the edits. They are below:

(some trivial information purposely removed for security reasons)

 

preview.php

 

<div id="card">
    <img id="logo" src="logo.jpg" />
    <div id="card1"><?php echo stripslashes($_REQUEST['text1']); ?> </div>
    <div id="card2"><?php echo $_REQUEST['text2']; ?> </div>
    <div id="card3"><?php echo $_REQUEST['text3']; ?> </div>
    <?php 
        if($_REQUEST['text4'] != '' && $_REQUEST['text5'] != '')
            $text = $_REQUEST['text4'].' • '.$_REQUEST['text5'];
        else
            $text = $_REQUEST['text4'].$_REQUEST['text5'];
    ?>
    <div id="card4"><?php echo $text; ?> </div>
    <div id="card5"><?php echo $_REQUEST['text6']; ?> </div>
</div>

second_form.php

<?php
    session_start();
    $db_host = 'localhost';
    $db_name = '';
    $db_user = '';
    $db_pass = '';

   
   $admin_email = "admin@aserver.com";

if(isset($_REQUEST['text1'])) $_REQUEST['text1'] = stripslashes($_REQUEST['text1']);
   $from = 'orders@mycompany.com';

    if($_REQUEST['count'] != '50' && $_REQUEST['count'] != '100')
    {
        header( 'Location: order.php' );
        die();
    }

    $card_number = trim($_REQUEST['card_number']);
    $card_security = $_REQUEST['card_security'];
    $card_exp_m = sprintf("%02d",((int)$_REQUEST['car_exm_m'])%100);
    $card_exp_y = sprintf("%02d",((int)$_REQUEST['car_exm_y'])%100);

    $count = $_REQUEST['count'];
    $shipping = 8.65;
    $price = $shipping;
    switch($count)
    {
        case 50: $price += 25; break;
        case 100: $price += 38; break;
    }


//$price = 0.01;
//$shipping = 0.01;

    $price = sprintf("%0.2f",$price);




    $fd_xsd = 'http://***';
    $v1_xsd = 'http://***';
    $a1_xsd = 'https://***';

//$email_rep = str_replace('@','[at]',$_REQUEST['text4']);

    $soap = <<<SOAP
        <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header />
        <SOAP-ENV:Body>
                <fdggwsapi:FDGGWSApiOrderRequest xmlns:fdggwsapi="$fd_xsd"  xmlns:v1="$v1_xsd">
                <v1:Transaction>
                    <v1:CreditCardTxType>
                        <v1:Type>sale</v1:Type>
                    </v1:CreditCardTxType>
                    <v1:CreditCardData>
                        <v1:CardNumber>$card_number</v1:CardNumber>
                        <v1:ExpMonth>$card_exp_m</v1:ExpMonth>
                        <v1:ExpYear>$card_exp_y</v1:ExpYear>
                    </v1:CreditCardData>
                    <v1:Payment>
                        <v1:ChargeTotal>$price</v1:ChargeTotal>
                        <v1:Shipping>$shipping</v1:Shipping>
                    </v1:Payment>
                    <v1:Billing>
                        <v1:Name>{$_REQUEST['text1']} - {$_REQUEST['text2']} - {$_REQUEST['text3']}</v1:Name>
                        <v1:Email>{$_REQUEST['text4']}</v1:Email>
                        <v1:Phone>{$_REQUEST['text5']}</v1:Phone>
                        <v1:Address2>{$_REQUEST['text5']}</v1:Address2>
                        <v1:Address1>{$_REQUEST['text6']}</v1:Address1>
                    </v1:Billing>
                    <v1:Shipping>
                        <v1:Name>{$_REQUEST['info_name']}</v1:Name>
                        <v1:Address1>{$_REQUEST['info_street']} {$_REQUEST['info_APT']}</v1:Address1>
                        <v1:City>{$_REQUEST['info_city']}</v1:City>
                        <v1:State>{$_REQUEST['info_state']}</v1:State>
                        <v1:Zip>{$_REQUEST['info_zip']}</v1:Zip>
                    </v1:Shipping>

                </v1:Transaction>
            </fdggwsapi:XXXApiOrderRequest>
        </SOAP-ENV:Body>
        </SOAP-ENV:Envelope>
SOAP;
//        echo htmlentities($soap);

    $link = "https://ws.firstdataglobalgateway.com/****";

    $store_id = "***";
    $user_id =      "***";
    $pass = "***";
    $key_pass = "***";
    $uss_pass =  ('WS'.$store_id.'***:'.$pass);


    $path = "/home/hoster/ssl_firstdata/";
    $pem_path = $path . "***.pem";  
    $key_path  = $path. "***_.1.key";

    $ch = curl_init($link);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml") );
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, $uss_pass);
    curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $soap);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($ch, CURLOPT_SSLCERT, $pem_path);//pem file
    curl_setopt($ch, CURLOPT_SSLKEY, $key_path); // crt file
    curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $key_pass);

    $res = curl_exec($ch);

    //$xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"? >'.$res);
    $xml = simplexml_load_string('<?xml version="1.0" encoding="UTF-8"?>'.$res);


    $ch = $xml->children('SOAP-ENV',true);$ch = $ch[1];$ch = $ch->children('fdggwsapi',true);$response = $ch[0];
    $orderId = trim((string)$response->OrderId);

    mysql_connect($db_host , $db_user, $db_pass);
    if(!mysql_select_db($db_name))
    {
        echo "Create the database please";
        exit;
    }

    $result = array(
                'Order Number' => $orderId,
                'errorMessage' => (string)$response->ErrorMessage,
                'response' => $res,
                "\n\nv_name" => $_REQUEST['text1'],
                'v_degree' => $_REQUEST['text2'],
                'v_graduation' => $_REQUEST['text3'],
                'v_email' => $_REQUEST['text4'],
                'v_phone' => $_REQUEST['text5'],
                'v_address' => $_REQUEST['text6'],
                "\n\nOrder Details" => "\n",
                'v_quantity' => $_REQUEST['count'],
                'cost' => ($_REQUEST['count'] == '50' ? '$25.00' : '$38.00'),
                'shipping and handling' => '$8.65',
                'total price' => ($_REQUEST['count'] == '50' ? '$33.65' : '$46.65'),
                "\n\nShipping Information" => "\n",
                'name'  => $_REQUEST['info_name'],
                'street' => $_REQUEST['info_street'],
                'apt' => $_REQUEST['info_APT'],
                'city' => $_REQUEST['info_city'],
                'state' => $_REQUEST['info_state'],
                'zip' => $_REQUEST['info_zip']
        );


    if(strlen($orderId) != 0 && strpos((string)$response->ErrorMessage,'database error') === false)//success
    {
        $result['success'] = 1;
        $link = 'order.php?step=3';
        $subject = "order submitted";
    }
    else
    {
        $result['success'] = 0;
        $link = 'order.php?step=-3';
        $subject = "Error occured while creating order";

    }

   $_SESSION['data'] = $result;
   $into = array();
   $values = array();
   foreach($result as $key => $val)
   {
        $into[] = "`$key`";
        if($key == 'v_quantity') $values[] = addslashes ($val);
        else $values[] = "'".addslashes($val)."'";
   }
   $query = "INSERT INTO `***`.`orders` (".implode(', ',$into).") VALUES (".implode(', ',$values).");";
   
   require_once "send_mail.php";
   $sendTo = array($admin_email,$result['v_email']);
   send_mails($sendTo,$from,$subject,$result);

    mysql_query($query);
    header('Location: '.$link);
    exit;


function render()
{
    global $res,$xml;
//    var_dump($_REQUEST);           


//    echo $res;
//
    echo htmlentities($res);
/* */
    var_dump($xml);

}


?>

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

See this information - http://us3.php.net/magic_quotes

 

Php.net thought it was better to automatically escape all external data, even if you weren't going to use the data in a query, rather than have someone spend a minute to learn a how to correctly escape data being put into a query.

 

If magic_quotes_gpc is on, you need to use stripslashes on your data to remove the escape characters or if the option is available to you, turn off the magic_quotes_gpc setting. You cannot unconditionally use stripslashes on your data as that would eliminate intentional \ characters in it when magic_quotes_gpc is not on.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.