O.K. I am collecting PHP code in a textarea and then using var_export() to a file for later use. In the file, the PHP is in single-quotes.
I am having issues trying to make sure that things are escaped correctly. If PHP code is submitted with no single-quotes and no escaping, then all is well. If magic_quotes_gpc = 1 then i just use stripslashes(). If PHP code is submitted and the code has slashes in it already ( example: echo "<a href=\" ) then all is well if magic_quotes_gpc = 0, if not then the first " is escaped and the \ is escaped. Also, if magic_quotes_gpc = 0 then single-quotes aren't escaped and if magic_quotes_gpc = 1 then they are. I am going to have trouble explaining all of the variances here, but suffice it to say that add_slashes() and stripslashes() don't work reliably in my situation because add_slashes() escapes everything and stripslashes() strips any and all slashes, even if I want them ( example: \\ ). What I need is a way to submit PHP code via a form, save it via var_export() in a PHP file and then retrieve it to view or eval() as PHP code. var_export seems to export strings surrounded in single-quotes so I need singles escaped, slashes escaped, but not doubles. I need a solution that works with magic_quotes_gpc = 0 or magic_quotes_gpc = 1. TIA -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
