Hello again, I had asked for info on quotation mark escapes and got told to use htmlentity(), but alas that makes no difference. Copied below are my two source codes... can anyone help?

#!/usr/bin/php
<html>
<title>Modifica Articolo </title>
<body>

<table border="cellspacing="5" cellpadding="1">
<tr>
<td width=100% valign = TOP>
Modifica:
<?php

$fname = "files/" . $_POST["mfilename"];
echo $fname."

";

//read and print file contents
echo "--ORIGINALE--
<hr>";

$data = file_get_contents($fname) or die ("Could not read file!");

echo $data;
echo "<hr>

";
$data = unhtmlentities($data);
function unhtmlentities($string)
{
$trans_tbl = get_html_translation_table(HTML_ENTITIES);
$trans_tbl = array_flip($trans_tbl);
return strtr($string, $trans_tbl);
}

echo "--MODIFICA--
(accetta html)
";
// now to output the form HTML.
echo "<form method=\"post\" action=\"salva.php\">";
echo "<table border=\"cellspacing=\"5\" cellpadding=\"1\">";

echo "<td><TEXTAREA NAME=\"data\" ROWS=40 COLS=120>$data</TEXTAREA></td>

";
echo "<input type=\"hidden\" name=\"fname\" value=\"$fname\">";

echo "<tr><td colspan=\"2\"><input type=\"submit\" value=\"Salva\" name=\"submit\">
<input type=\"reset\" value=\"Cancella Modifiche\" name=\"reset\">
</td>
</tr>";

echo "</table></form>";

?>


</td>
<td>
<? include "tags.html"?>
</td>

</tr>
</table>

<hr>

</body>
</html>

---salva.php---

#!/usr/bin/php
<html>
<head>
<title>Salva Articolo</title>
<meta http-equiv="REFRESH" content="10; URL=admin.php">
</head>

<body>

<?php

// get data from post
$data = $_POST["data"];
$data = htmlentities($data);
$dest = $_POST["fname"];

// write destination
$fp = fopen ("$dest", "w") or die("Non ho potuto aprire il file richiesto");
fwrite($fp, $data) or die("Non ho potuto scrivere il file richiesto!") ;
fclose($fp) or die ("Non ho potuto chiudere il file richiesto!");

// too new version, not supported apaprently
//file_put_contents($dest, $data) or die("Non ho potuto scrivere il file richiesto!");

// print confirmation
echo "File salvato, trasferimento automatico in 10 secondi

";
echo " Oppure clicca qua per tornare subito";

?>

</body>
</html>

how about stripslashes() ?

^o^
are you in Asia? do you watch Animax Asia? Please Vote

htmlentity is useful to convert all characters to its HTML code equivalent (if it have one).

htmlspecialchars is similar, but only convert a few critical chars.

stripslashes() , judging by its name is used to strip the slashes (if any) out of characters that requires escaping. complete explanation on the page above :P

^o^
are you in Asia? do you watch Animax Asia? Please Vote

Thanks, I think I can fiddle with stripslashes :D