Form submits backslashes

A form submitted to a PHP script adds backslashes before quotes

         

webfoo

3:35 pm on Mar 24, 2008 (gmt 0)

10+ Year Member



I'm developing a simple custom CMS in PHP. For the page editor, I have a textarea form that submits to a PHP. The PHP is supposed to write the contents of the textarea to a .inc file. The problem is that a \backslash gets added before each 'quote' or "double quote". This is a problem because when the .inc file gets read, the html could look like
<div class=\"pagetitle\">
which the browser does not display properly.

I've heard of stripslashes(), but not been successful with it.

I tried making a client-side JavaScript that replaces each quote with &#49; and each double-quote with &quot;. It would only replace the first quote and the first double quote in the submission.

Any ideas?

penders

5:17 pm on Mar 24, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The problem is that with 'magic quotes' turned on (which it usually is by default in the PHP configuration), all POST (and GET) vars are escaped with slashes; the single-quotes and double-quotes (and backslashes) get escaped with a backslash. In other words addslashes() [uk.php.net] is automatically applied.

This may be OK if you need to use this value in order to build a SQL statement to perhaps insert the value into a DB, but otherwise it's a pain!

(I have read that you should never need to call stripslashes() in this instance - but I think this may have been in a discussion regarding SQL (as above) - anyway...)

I have had this same problem and I have used stripslashes() [uk.php.net] to successfully remove the slashes before saving the textarea content to a file. It works.

In getting the textarea CONTENT, I have done the following:

$CONTENT = isset($_POST["content"]) ? $_POST["content"] : null; 
if (!is_null($CONTENT) && get_magic_quotes_gpc()) {
$CONTENT = stripslashes($CONTENT);
}

NB: Apparently magic quotes have been completely removed from PHP6, along with the function get_magic_quotes_gpc() [uk.php.net]!

webfoo

9:07 pm on Mar 24, 2008 (gmt 0)

10+ Year Member



That code does not seem to be working. I tried it out. Then I tried replacing your POST commands with REQUEST's because sometimes that works for me. But it did not help. Here's the code:

<?php
$pagename=$_REQUEST["p"]; //Request the variable p from the URL

//Penders' code
$CONTENT = isset($_REQUEST["content"]) ? $_REQUEST["content"] : null;
if (!is_null($CONTENT) && get_magic_quotes_gpc()) {
    $CONTENT = stripslashes($CONTENT);
}

$fullpage= "../" . $pagename . ".inc"; //creates the full URL path for the .inc file
$file=fopen($fullpage,"w"); //opens the .inc file
echo fwrite($file,$content); //writes the content to the .inc file
fclose($file); //closes the file (fclose() takes the handle from fopen(), not the path)

echo "(Some stuff that lets the user know the page has been updated.)"; //self-explanatory

?>

penders

8:32 am on Mar 25, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Which superglobal you'd use depends on how you are submitting your form. If method="post" then use $_POST[], if method="get" then $_GET[]. The $_REQUEST[] superglobal is an amalgamation of $_GET, $_POST, and $_COOKIE so should always work as well. By the sounds of it you are using a GET request (the values appear in the URL).

There are size limitations with the GET method, however. If you are posting back a large block of text it may be better to use method="POST" ?

$_REQUEST["content"]

Presumably you have a textarea field with name="content"? My code is an example, you may need to tailor it to suit.

Also, you are assigning to $CONTENT (uppercase), but you are writing out $content (lowercase) - two different variables!

penders

12:16 pm on Mar 25, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The $_REQUEST[] superglobal is an amalgamation of $_GET, $_POST, and $_COOKIE so should always work as well.

Just a thought... security. One reason to use the correct $_GET or $_POST rather than $_REQUEST is security.

For instance, if your form submits the data back as post data and in your code you are checking something like:

if (isset($_REQUEST["username"])) {
    // Do something
}

Even if your form did not submit anything, a hacker could simply append "?username=bob" to the URL and bob's your uncle, your code 'does something' (because 'username' now appears in the $_GET[] array which is part of $_REQUEST[]). (simple code injection)

webfoo

6:58 pm on Mar 25, 2008 (gmt 0)

10+ Year Member



THANK YOU SO MUCH, Penders! Your point about upper/lower case variables turned out to be the issue. It now works.

I am actually using a combination of POST and GET. The action of the form is set to "update.php?p=pagename" where pagename is the name of the page you are editing (That uses GET). Then the textarea is POSTed because of the issues mentioned above.

I see your point about security. Normally, I would be concerned about this, but the entire directory is password-protected so only persons with a username and password can access it.

Thanks again!
Cheers,
Webfoo.

PS: For the record, the final code I used is:

<?php
$pagename=$_REQUEST["p"];

$content = isset($_REQUEST["content"]) ? $_REQUEST["content"] : null;
if (!is_null($content) && get_magic_quotes_gpc()) {
    $content = stripslashes($content);
}

$fullpage= "../" . $pagename . ".inc";
$file=fopen($fullpage,"w");
echo fwrite($file,$content);
fclose($file); //fclose() takes the handle from fopen(), not the path

echo "Some stuff to let user know the page has been updated.";

?>
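
An added example, not part of the original posts or either poster's code: one way to write the update handler so that the page name is read only from the query string and the content only from POST, as discussed above, with the page name checked before it becomes part of a file path. The function names (clean_input, page_path, save_page), the 64-character limit and the sample requests are assumptions made for illustration.

```php
<?php
// Added example; clean_input(), page_path() and save_page() are hypothetical names.

// Undo magic-quotes escaping only where the runtime still applies it.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the guard.
function clean_input($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Map a page name to its .inc file. Only a plain name is accepted, so the
// value from the URL cannot contain slashes or dots that change the directory.
function page_path($dir, $name)
{
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    return rtrim($dir, '/') . '/' . $name . '.inc';
}

// $get and $post are passed in separately (in the handler: $_GET and $_POST),
// so a "content" value appended to the URL can never stand in for the form field.
function save_page($dir, $get, $post)
{
    $path = page_path($dir, isset($get['p']) ? $get['p'] : null);
    if ($path === null || !isset($post['content']) || !is_string($post['content'])) {
        return false;
    }
    $bytes = file_put_contents($path, clean_input($post['content']), LOCK_EX);
    return $bytes !== false;
}

// Constructed sample requests, written to a temporary directory.
$dir  = sys_get_temp_dir();
$html = '<div class="pagetitle">Home</div>';

var_dump(save_page($dir, array('p' => 'home'), array('content' => $html)));    // normal form submission
var_dump(file_get_contents($dir . '/home.inc') === $html);                     // quotes stored unescaped
var_dump(save_page($dir, array('p' => 'home', 'content' => 'x'), array()));    // content only in the query string
var_dump(save_page($dir, array('p' => '../home'), array('content' => $html))); // page name fails the check
```

In update.php the call would be save_page('..', $_GET, $_POST), with error_reporting(E_ALL) enabled during development.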

penders

10:30 pm on Mar 25, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



THANK YOU SO MUCH, Penders! Your point about upper/lower case variables turned out to be the issue. It now works.

No worries, glad you got it sorted. Must admit I was assuming quite a bit regarding your GETs and POSTs - looks like you had that sorted already.

I tend to have my global vars all uppercase, hence "$CONTENT" - a global variable in my code.

Just a point... you could try setting:

error_reporting(E_ALL);

at least while developing, in order to enable E_NOTICE warnings (not enabled by default). This is likely to pick up errors such as the above. $content (lowercase) was probably an 'undefined variable' in this instance. Depending on your configuration you may also need to set:
ini_set('display_errors','1');

...oh, and welcome to webmasterworld! :)