I'm using a php/MySQL based online library catalog system called OLA. It works perfect, except for the unseemly backslashes that appear before all single/double quotation marks in the data when (and only when) they are printed out.
I do note this is a common problem for many other php scripts, and I am aware that there is a way of killing those backslashes is to use the stripslashes command line, but the problem is I don't know how to write it and where to put it. I tried to contact the developpers of the script, but their email addresses proved invalid. Can I look for your help?
What follows are the two pages where I suspect the stripslashes command line should be added.
Thanks in advance
RePort
<hr>
view.php
- Code: Select all
<?php
/***************************************************************************
* ONLINE LIBRARY APPLICATION (OLA) http://ola.sourceforge.net/
* (c) 2002 S. Rawlinson and N. Flear Licenced under GPL (see licence.txt)
****************************************************************************
* view.php - version 2.0
* - displays full record of one resource
***************************************************************************/
require_once ("standard.inc.php");
// check variables and url parameters
check_param_empty ();
check_param ("id");
// consult database
if (empty ($errormsg)) {
$sql = "SELECT * FROM resource WHERE resource_id = " . $HTTP_GET_VARS["id"];
$rs = get_recordset ($sql);
}
if (empty ($errormsg)) {
$resource = db_make_1D_array ($rs);
}
// print page
if (empty ($errormsg)) {
$admin_menu = "";
$checkout = "";
$update_link = "";
// Display extra fields if Admin
if (is_admin ()) {
$acquired = $resource["date_acquired"];
$donated_by = $resource["donated_by"];
if ($acquired == "")
$acquired = " ";
if ($donated_by == "")
$donated_by = " ";
// only allow checkout for books on shelf
if ("On Shelf" == $resource["status"]) {
$checkout_link = "<a href=\"checkout1.php?id=" . $id . "\">Check-out Resource</a>";
}
else {
$checkout_link = "You can only check-out books that have an 'on shelf' status.";
}
$update_link = "<a href=\"update1.php?id=" . $id . "\">Update Record</a>";
$list = array (
"ACQUIRED" => $acquired,
"DONATED" => $donated_by
);
$admin_menu = simple_tpl ("view_admin.tpl", $list);
}
// -- should replace blank with
$list = array (
stripslashes_array($list);
"RESID" => $HTTP_GET_VARS["id"],
"LOCATION" => $resource["location"],
"MEDIA" => $resource["media"],
"STATUS" => $resource["status"],
"SUBJECT" => $resource["subject"],
"TITLE" => $resource["title"],
"AUTHOR" => $resource["author"],
"YEAR" => $resource["year"],
"ISBN" => $resource["isbn"],
"COMMENTS" => $resource["comments"],
"ADMINITEMS" => $admin_menu,
"UPDATE" => $update_link,
"CHECKOUT" => $checkout_link
);
$output = simple_tpl ("view.tpl", $list);
}
output_html ("View Resource", $output);
?>
<hr>
search.php
- Code: Select all
<?php
/***************************************************************************
* ONLINE LIBRARY APPLICATION (OLA) http://ola.sourceforge.net/
* (c) 2002 S. Rawlinson and N. Flear Licenced under GPL (see licence.txt)
****************************************************************************
* search.php - version 2.0
* - displays search results of the resource table
***************************************************************************/
require_once ("standard.inc.php");
// check variables and url parameters
check_param_empty ();
check_param ("submit");
if (empty ($errormsg)) {
if ($HTTP_GET_VARS["submit"] == "Search") {
check_param ("search_type");
check_param ("search_text");
}
else if ($HTTP_GET_VARS["submit"] == "Browse") {
check_param ("browse_media");
check_param ("browse_subject");
}
else {
$errormsg .= "Error: Bad url format. Incorrect submit=xxx.<br>";
}
}
// consult database
if (empty ($errormsg)) {
// set $pos to form
$pos = 0;
if (exists_param ("pos") && $HTTP_GET_VARS["pos"] % ROWS_PER_PAGE == 0) {
$pos = (int) $HTTP_GET_VARS["pos"];
}
$sql = "SELECT * FROM resource ";
// if Serach
if ($HTTP_GET_VARS["submit"] == "Search") {
$sql .= "WHERE ";
if ($HTTP_GET_VARS["search_type"] == "title") {
$sql .= "title LIKE '%" . $HTTP_GET_VARS["search_text"] . "%' ";
$sql .= "ORDER BY title ASC";
}
else if ($HTTP_GET_VARS["search_type"] == "author") {
$sql .= "author LIKE '%" . $HTTP_GET_VARS["search_text"] . "%' ";
$sql .= "ORDER BY title ASC";
}
// if Browse
}
else if ($HTTP_GET_VARS["submit"] == "Browse") {
if ($HTTP_GET_VARS["browse_media"] != "All") {
$sql .= "WHERE media = '" . $HTTP_GET_VARS["browse_media"] . "' ";
$sql .= "ORDER BY title ASC";
}
else if ($HTTP_GET_VARS["browse_subject"] != "All") {
$sql .= "WHERE subject = '" . $HTTP_GET_VARS["browse_subject"] . "' ";
$sql .= "ORDER BY title ASC";
}
else {
$sql .= "ORDER BY subject, title ASC";
}
}
$rs = get_recordset ($sql, ROWS_PER_PAGE, $pos);
}
if (empty ($errormsg)) {
$result = db_make_2D_array ($rs);
}
// print page
if (empty ($errormsg)) {
global $pos;
$tpl = new FastTemplate ("tpl");
$tpl->define (array (
"row" => "search_row.tpl",
"table" => "search.tpl"));
while (list ($key, $val) = each ($result)) {
// define output keys
$id = $val["resource_id"];
$media = $val["media"];
$subject = $val["subject"];
$title = $val["title"];
$author = $val["author"];
$year = $val["year"];
// alternate colour in table
if (0 == ($key % 2)) {
$row_colour = "type2"; // light grey
}
else {
$row_colour = "type1"; // white
}
if ($media == "") $media = " ";
if ($subject == "") $subject = " ";
if ($title == "") $title = " ";
if ($author == "") $author = " ";
if ($year == "") $year = " ";
// url to view
$view = "href=\"view.php?id=" . $id . "\"";
$tpl->assign (array (
"MEDIA" => $media,
"SUBJECT" => $subject,
"TITLE" => $title,
"AUTHOR" => $author,
"YEAR" => $year,
"VIEW" => $view,
"COLOUR" => $row_colour));
$tpl->parse ("ROWS", ".row");
}
// remove the old &pos= from the query string
// (assumes it is at the end and nothing after it!!)
if (intval (strpos (getenv ("QUERY_STRING"), "&pos")) != 0) {
$query = substr (getenv ("QUERY_STRING"), 0,
strpos (getenv ("QUERY_STRING"), "&pos"));
}
else {
$query = getenv ("QUERY_STRING");
}
if ($pos >= ROWS_PER_PAGE) {
$prev = "<a href=\"search.php?" . $query . "&pos=" . ($pos - ROWS_PER_PAGE) . "\"><<< Previous</a>";
}
else {
$prev = " ";
}
if (count ($result) == ROWS_PER_PAGE) {
$next = "<a href=\"search.php?" . $query . "&pos=" . ($pos + ROWS_PER_PAGE) . "\">Next >>></a>";
}
else {
$next = " ";
}
$tpl->assign (array ("NEXT" => $next, "PREV" => $prev));
$tpl->parse ("CONTENT", "table");
$output = $tpl->fetch ("CONTENT");
}
output_html ("Search", $output);
?>
