Simple PHP problem

[maotx]

Im currently running a site that accepts file names as variables. Some file names have quotes in them, i.e. 1990's archive.txt
These quotes are messing with my php coding.
How can I retain the variables value without removing the quotes and not have php return an error?
Thanks

[ClubMed]

Not sure how you could do this without serious changes to the code.

Do you have a link and maybe a test account to your site?

[maotx]

Heres the code for the deletion of the file, it is passed as a variable from the browser:

$delete = $_GET['delete'];
$directory = "/home/mao/input/files";
$handle = opendir($directory);
if(isset($delete))
{
while(!unlink("$directory/$delete"));
}
closedir($handle);

And to restate problem for clarity, if $delete variable has a ' in it then the php, of course, dumps an error. And seeing how the variable name has to stay the same to delete the file, I need a different solution. The link in which this php is being used has sensitive information...I might be able to create a dumby if it is needed though.

[jkrohn]

You really should turn on Magicquotes. This will automaticly escape and quote characters and is a very good idea to prevent against code injection.

Aside from that, running addslashes() on the variable first will escape any quotes located in the variable.

addslashes()
http://us2.php.net/addslashes
and
stripslashes()
http://us2.php.net/manual/en/function.stripslashes.php

Jkrohn

[maotx]

Thanks, addslashes works for what i need