I have a script that POSTs a title and a textblock to another script. If the script sees that the title is missing it dies and displays an html form, with the data of the textblock as a hidden variable to be posted back to the orignal script.
It works ok, until I add single or double quotes into the textblock. Then the output gets truncated or replaced with backslashes if it is posted back. I have tried using addslashes() but that adds to the problem.
Below is sample code of the submitting script:
$Page_Data=$_POST['Page_Data'];
echo "<hr /><h2>Add Page</h2><br />
Fill out the information below, then click on \"Submit\"<br /><br />
<form method=\"post\" action=\"../CGI-BIN/Add_Page.php\">
Page Title: <input type=\"text\" name=\"title\" value=\"$title\" size=\"35\" /><br />
<br />
Enter the text below:<br />
<textarea name=\"Page_Data\" rows=\"20\" cols=\"65\" wrap>$Page_Data</textarea>
<br /><br />
<input type=\"submit\" value=\"Submit\" />
</form>
Here is a sample of my processing code:
$POST_Array=array("title","Page_Data");
foreach($POST_Array as $POST_Item)
{
$$POST_Item=$_POST[$POST_Item];
}
if($title=="")
{
die("
<html>
<head><title>Data is Missing!</title></head>
<body bgcolor=\"".$_SESSION['BG_Color']."\" style=\"color: ".$_SESSION['Text_Color'].";\">
Sorry, but you are missing the title for this page.<br />
Please go back and insert a title.
<form method=\"post\" action=\"../Pages/Administration.php\">
<input type=\"hidden\" name=\"PHPSESSID\" value=\"PHPSESSID\" />
<input type=\"hidden\" name=\"Admin_Function\" value=\"Manage Pages\" />
<input type=\"hidden\" name=\"Page_Function\" value=\"Add Page\" />
<input type=\"hidden\" name=\"Page_Data\" value=\"$Page_Data\" />
<input type=\"submit\" value=\"OK\" />
</form>
</body>
</html>
");
}
Any suggestions would be greatly appreciated.
