\ characters adding where they shouldn't be

PHP:

$var = "Sum Random'z String"s with quotemarks"
$send = base64_encode($var)

Then it sends the base64 encoded string to server.

Server part (Python) tryes to decode the base64-encoded content and write it into file:

f = open("/root/data.yml","w")
f.write(base64.b64decode(sys.argv[1]))
f.close()

sys.argv[1] is $send

However, when i open data.yml in nano or cat, i get this:

Sum Random\'z String\"s with quotemarks

I dont want \ there. Is there a way so the \ character will not appear there, when i open it in nano or cat? What shall i chang开发者_开发技巧e? EDIT: $var is taken from textarea where there are no \

You don't need to escape both the single and double quote. You only need to escape what you're quoting the string with (i.e. ")

$var = "Sum Random'z String\"s with quotemarks";

This may not be your only problem. But it is part of the problem.

UPDATE

Per your update of $var being set with data from a form textarea, you need to look at stripslashes()

The problem here i think is that your escaping a charactor that does not need to be escaped, single qoutres inside double qoutes do not need to be escaped, and visa-versa.

example:

OK; " ' "
OK; ' " '
NO; ' ' '
OK; ' \' '
NO; " " "
OK; " \" "

Try doing the following:

$var = 'Sum Random\'z String"s with quotemarks';
$send = base64_encode($var);

Edit: you never said anything about it coming from a textarea, try running stripslashes on the value before you encode it.

the php looks fine to me. i bet there is some security mechanism that's escaping dangerous characters behind you back.

you can unescape them yourself with the equivalent of stripslashes in python.

It sounds like magic quotes are enabled in PHP.

If you have access you can edit the php.ini or try this before sending the data: ini_set('magic_quotes_runtime', 0);

Try this:-

f = open("/root/data.yml","w")
x = base64.b64decode(sys.argv[1])
x.replace("\"", "")
f.write(x)
f.close()

Hope it helps.