0

I want to ask a very simple question.

I am working on a project in which I have entered a code, say I am entering a code like :

<?php
echo "Test";
?>

On click of a save button, This code is being saved into a php file say testfile.php.

When I am running this file on windows 7 - wamp server, then this is OK, but When I hosted this file on 000webhost.com which is linux server then some backslashes (\) are added before " ". For writing into file, I am using code 

$code = $_POST['yourcode'];
$openphp = fopen("testfile.php","w");
fwrite($openphp, $code);
fclose($openphp);

In Linux server, this code is written as :

<?php
echo \"test\";

?>

I dont want to save this backslashes (\), how can I avoid this while writing the file

xlecoustillier
  • 16,183
  • 14
  • 60
  • 85
Rohitashv Singhal
  • 4,517
  • 13
  • 57
  • 105

3 Answers3

2

Make sure magic quotes is turned off on your Linux server:

http://php.net/manual/en/security.magicquotes.php

But your script seems pretty dangerous without any escaping or validation checking anyway...

james_tookey
  • 885
  • 6
  • 12
1

Create an .htaccess file in the same folder as your script and add the following

php_flag magic_quotes_gpc Off
DevZer0
  • 13,433
  • 7
  • 27
  • 51
0

You may configure php.ini for this 

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
;magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
;magic_quotes_sybase = Off

Or in the beginning of your php files you can set it with ini_set()

ini_set("magic_quotes_gpc", "Off");
HamZa
  • 14,671
  • 11
  • 54
  • 75
Raviraj
  • 26
  • 2
  • Your first solution won't work since he's on a shared server. Your second one won't work since `magic_quotes_gpc` can't be changed with `ini_set`, check this [list](http://php.net/manual/en/ini.list.php) – HamZa Jun 20 '13 at 08:36