I've created a PHP blog system. Here's what the 'create a post feature' looks like
Here's the code for it:
<?php
session_start();
include('db_connect.php');
if(!isset($_SESSION['user_id'])){
header('Location: login.php');
exit();
}
if(isset($_POST['submit'])){
$title = $_POST['title'];
$body = $_POST['body'];
$category = $_POST['category'];
$title = $db->real_escape_string($title);
$body = $db->real_escape_string($body);
$user_id = $_SESSION['user_id'];
$date = date('Y-m-d G:i:s');
$body = htmlentities($body);
if($title && $body && $category){
$query = $db->query("INSERT INTO posts (user_id, title, body, category_id, posted) VALUES('$user_id', '$title', '$body', '$category', '$date')");
if($query){
echo '<div style="position:absolute; bottom: 40px; left: 500px; padding: 10px; background: red; box-shadow: 0px 3px 12px 2px #000; color: #fff;">Post Added</div>';
}else{
echo '<div style="position:absolute; bottom: 40px; left: 500px; padding: 10px; background: red; box-shadow: 0px 3px 12px 2px #000; color: #fff;">An unexpected error has occured.</div>';
}
}else{
echo '<div style="position:absolute; bottom: 40px; left: 500px; padding: 10px; background: red; box-shadow: 0px 3px 12px 2px #000; color: #fff;">Please enter all the required information to proceed</div>';
}
}
?>
<div id="mainbox">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" name="title" placeholder="Enter Post Title Here">
<p></p>
<textarea name="body" cols=50 rows=10 placeholder="Enter Post Content Here"></textarea>
<p></p>
<select name="category">
<?php
$query = $db->query("SELECT * FROM categories");
while($row = $query->fetch_object()){
echo "<option value='".$row->category_id."'>".$row->category."</option>";
}
?>
</select>
<p></p>
<input type="submit" name="submit" value="Submit">
</form>
</div>
When I click submit hover and the post is created, it turns out like this:
As you can see, the paragraphs I added in have been removed. How do I prevent this and keep the paragraphs?
The way the data is entered is with new line characters. When this is pasted in an HTML page though, they are not visible because whitespace is collapsed in HTML. To keep the line breaks, convert them to HTML with nl2br().
Note that it is better to convert the data each time you print it out, not store it in the database with <br> tags. Otherwise if you go to edit the post, suddenly you're dealing with HTML and not plain text - not something users expect. Not only that, but you would be exposing yourself to security risks by allowing arbitrary HTML.
So on that example page, do something like this:
<?php
while($query->fetch()):
$html_body = nl2br($body);
$lastspace = strrpos($html_body, ' ');
?>
<h2><?php echo $title?></h2>
<p><?php echo substr($html_body, 0, $lastspace)."<a href='blog/post.php?id=$post_id'>..</a>"?></p>
<p>Category: <?php echo $category?>
<hr />
<p></p>
<?php endwhile?>
use htmlentities in php
or html pre tab
updated
echo "<pre>" . $postedData . "</pre>";
or
echo htmlentities($postedData);
Related
I have a simple chat website, and I'm trying to add a profile-picture feature. This is my code:
<?php
function loginForm(){
echo
'<div id="loginform">
<p>Please enter your name to continue!</p>
<form action="index.php" method="post">
<label for="name">Display Name: </label>
<input style="font-family: Sans-serif;" type="text" name="name" id="name" />
<label for="name">Profile picture: </label>
<input style="font-family: Sans-serif;" type="text" name="pfp" id="name" />
<input style="font-family: Sans-serif;" type="submit" name="enter" id="enter" value="Enter" />
</form>
</div>
<center><h2>Upload profile picture: </h2><br><?php error_reporting(0); ?> <?php $msg = ""; if (isset($_POST[\'uploadfile\'])) { $filename = $_FILES["choosefile"]["name"]; $tempname = $_FILES["choosefile"]["tmp_name"]; $folder = "image/".$filename; $_SESSION[\'pfp\'] = $folder; $db = mysqli_connect("localhost", "root", "", "Image_upload"); $sql = "INSERT INTO image (filename) VALUES (\'$filename\')"; ($db, $sql); if (move_uploaded_file($tempname, $folder)) { $msg = "Image uploaded successfully"; }else{ $msg = "Failed to upload image"; } } $result = mysqli_query($db, "SELECT * FROM image"); ?> <!DOCTYPE html> <html> <!DOCTYPE html> <html> <head> <title>Image Upload in PHP</title> <! link the css file to style the form > <style type="text/css"> #wrapper{ width: 50%; margin: 20px auto; } form{ width: 50%; margin: 20px auto; } form div{ margin-top: 5px; } img{ float: left; margin: 5px; width: 280px; height: 120px; } #img_div{ width: 70%; padding: 5px; margin: 15px auto; border: 1px solid #dad7d7; } #img_div:after{ content: ""; display: block; clear: both; } button, input, span { background: #41d18e; border: none; color: white; padding: 4px 10px; font-weight: bold; border-radius: 20px; } </style> </head> <body> <div id="wrapper"> <! specify the encoding type of the form using the enctype attribute > <form method="POST" action="" enctype="multipart/form-data"> <input type="file" name="choosefile" value="" /> <div> <button type="submit" name="uploadfile">Use as new profile pic</button> </div> </form> </div></center>';
}
?>
<div id="menu">
<?php echo "<img style=\"width: 20px; border-radius: 9999px;\" src=".$_SESSION['pfp'].">"; ?>
<p class="welcome"> Welcome, <b><?php echo $_SESSION['name']; ?></b></p>
<p class="logout"><a id="exit" href="#">Rename</a></p>
</div>
For some reason <p class="welcome"></p> works perfectly fine, but the image just doesn't show. I looked in my image folder but could not find the image that I uploaded earlier.
Thanks for all the support.
replace the line and see
"<img style="width:20px;",src=<?php echo $_SESSION['pfp'];?>"
his maybe the issue: Change so the image link/location is properly surrounded in quotes in the outputted html.
Im trying to create a way to upload images to a page but when i load the page i get the following result: Result
Why arent the images showing up? im cofused.
I have been hours trying to find the solution but i end up in the same place.
Code:
<?php
// Create database connection
include ('config.php');
// Initialize message variable
$msg = "";
// If upload button is clicked ...
if (isset($_POST['upload'])) {
// Get image name
$image = $_FILES['IMG_Link']['IMG_Name'];
// Get text
$image_text = mysqli_real_escape_string($link, $_POST['IMG_Name']);
// image file directory
$target = "GenFeed/".basename($image);
$sql = "INSERT INTO GenFeed (IMG_Link, IMG_Name) VALUES ('$image', '$image_text')";
// execute query
mysqli_query($link, $sql);
if (move_uploaded_file($_FILES['IMG_Link']['tmp_name'], $target)) {
$msg = "Image uploaded successfully";
}else{
$msg = "Failed to upload image";
}
}
$result = mysqli_query($link, "SELECT * FROM GenFeed");
?>
<!DOCTYPE html>
<html>
<head>
<title>Image Upload</title>
<style type="text/css">
#content{
width: 50%;
margin: 20px auto;
border: 1px solid #cbcbcb;
}
form{
width: 50%;
margin: 20px auto;
}
form div{
margin-top: 5px;
}
#img_div{
width: 80%;
padding: 5px;
margin: 15px auto;
border: 1px solid #cbcbcb;
}
#img_div:after{
content: "";
display: block;
clear: both;
}
img{
float: left;
margin: 5px;
width: 300px;
height: 140px;
}
</style>
</head>
<body>
<div id="content">
<?php
while ($row = mysqli_fetch_array($result)) {
echo "<div id='img_div'>";
echo "<img src='GenFeed/".$row['IMG_Link']."' >";
echo "<p>".$row['IMG_Name']."</p>";
echo "</div>";
}
?>
<form method="POST" action="ImageUpload.php" enctype="multipart/form-data">
<input type="hidden" name="size" value="1000000">
<div>
<input type="file" name="IMG_Link">
</div>
<div>
<textarea
id="text"
cols="40"
rows="4"
name="IMG_Name"
placeholder="Say something about this image..."></textarea>
</div>
<div>
<button type="submit" name="upload">POST</button>
</div>
</form>
</div>
</body>
</html>
Hope you guys can help me out on this one
PD: im aware the im using superglobal variables
I'm currently trying to make a blog. When I try to make a "preview" of the body of the post. The first post seems to be fine, but the second post goes over its div. I tried changing what tags to use and css formatting but it stays like that.
My code:
HTML
<div class="module">
<div class="blog">
<div class="recents">
<h2>Recent Posts</h2>
<br><br>
<?php
$sql = "select title, body, created_at FROM posts";
$result = mysqli_query($link, $sql);
$query = mysqli_query($link, $sql) or die(mysqli_error($link));
while ($row = mysqli_fetch_assoc($query)) {
$title = $row['title'];
$body = $row['body'];
$created_at = $row['created_at'];
if (strlen($body) > 500) {
$body = substr($body, 0, 500);
}
echo "<h3>" . $title . "</h3><br>";
echo "<p>" . $body . "</p>";
echo "<small>" . $created_at . "</small>";
echo "<br><br>";
}
?>
</div>
<div class="categories">
<h3>Categories</h3>
</div>
</div>
CSS
html {
font-family: 'IBM Plex Serif', serif;
}
.module {
background-color: #fffff7;
box-shadow: 3px 10px 18px #888888;
padding-top: 70px;
padding-left: 130px;
border: 1px solid;
width: 1080px;
margin-left: 380px;
height: 821px;
}
.blog {
display: flex;
flex-direction: row;
text-align: left;
}
.recents {
flex-grow: 2;
width: 570px;
}
.categories {
flex-grow: 1;
}
Any help would be appreciated.
It is because there are no spaces
to fix this try this:
word-wrap: break-word;
I have a simple search form on my basic page
<form action="../options-search.php" method="GET">
<input type="text" name="query" />
<input type="submit" value="Search" />
</form>
On the ../options-search.php page I have the following code
<?php
$conn = mysqli_connect($hostname, $user, $pass, $dbase);
$query = $_GET['query'];
$min_length = 3;
if(strlen($query) >= $min_length){
$query = htmlspecialchars($query);
$query = mysqli_real_escape_string ($conn, $query);
$raw_results = mysqli_query($conn, "SELECT * FROM Options WHERE (`options` COLLATE UTF8_GENERAL_CI LIKE '%".$query."%')" );
if(mysqli_num_rows($raw_results) > 0){
while($results = mysqli_fetch_array($raw_results)){
echo "<p>".$results['options']."</p>";
}
}
else{
echo "Nothing Found";
}
}
else{
}
?>
It works perfectly, however, some of the options have links in the database (for more info on the subject). For another page (not relevant here, but I was trying to use that code) I used the following line of code:
$data[] = $row['thumb'] == 'Yes' ? ">> $row[options]" : ">> $row[options]" ;
This works on that page, but I cannot seem to get it added to this part:
echo "<p>".$results['options']."</p>";
So basically, I want the code to figure out if there is a value named "Yes" in the field "thumb". If not, then it only needs to display the $results['options'], but if it is, it needs to add a link to it.
(It is the same database.)
I tried the following, but it doesn't work. The page is displayed without any errors, but the link isn't there.
echo "<p>".$results['thumb'] == 'Yes' ? ">> $results[options]" : ">> $results[options]"."</p>";
I also tried if / else statements, but I kept getting errors.
How can I solve this? Thank you.
Edit:
Html output. I only deleted the header and footer code.
Here's the Html code. I only deleted the header and footer information.
<div id="content" class="site-content"><div class="container"><div class="inner-wrapper"> <div id="separator-title">
</div><!-- #separator-title -->
<link href='https://fonts.googleapis.com/css?family=Lobster|Dancing+Script|Yellowtail|Kaushan+Script|Lobster+Two:400,400italic,700,700italic|Satisfy|Courgette|Playball|Tangerine|Bad+Script|Sacramento|Calligraffitti|Niconne|Parisienne|Eagle+Lake|Metal+Mania|Risque|Uncial+Antiqua|Amita|Spirax|Nova+Script' rel='stylesheet' type='text/css'>
<div id="primary" class="content-area">
<main id="main" class="site-main" role="main">
<h3>Options</h3>
<div style="padding-top:15px; padding-bottom:15px;">
<p><span style="color: #5e2132; font-size: 60px; float:left; padding: 0.25em 0.05em 0.25em 0; line-height: 0.4em; font-family:Lobster Two;">V</span>iew all of the options here. ***Page info not done yet***</p>
</p>
</div>
<h3>Search Results</h3>
<div style='padding-top:15px; padding-bottom:15px;'>
<p><span style='color: #5e2132; font-size: 60px; float:left; padding: 0.25em 0.05em 0.25em 0; line-height: 0.4em; font-family:Lobster Two;'>T</span>he search rendered the following Results: <br><br>
>> Cats</p>
<div style='padding-top:15px; padding-bottom:15px;'><p><span style='color: #5e2132; font-size: 60px; float:left; padding: 0.25em 0.05em 0.25em 0; line-height: 0.4em; font-family:Lobster Two;'>I</span>f you want to search for something else or view the complete list again, use the following button:</p>
<center><a style='border-radius: 8px; position: relative; background-image: linear-gradient(#fff,#834052b3); background-color: #fff; border: #5e2132 solid 2px; color: #5e2132; text-shadow: 0 1px 0 rgba(255,255,255,.5); box-sizing: border-box; display: inline-block; padding: 15px 15px 15px 15px; margin: auto; font-weight: bold; cursor: pointer; margin-top: 10px;' href='../options/'>Back to Options</a></center>
echo $results['thumb'] == 'Yes' ? "<p>>> " . $results[options] . "</p>" : "<p>>> " . $results[options] ."</p>";
you have misplaced the string connectors and one paragraph closing tag
So I have a variable, its called $comments.
but every time I do it I want it to break a line and echo out the new one I submit. Right now it just replaces the current one.
So everytime I click submit I would like it to make a NEW comments and not just write over the old one.
this is what I currently have, But everytime i hit submit it just overwrites the previous comment. I want it to break a line and display the next one without erasing teh previous
<?php
session_start();
if(isset($_POST['add'])){
$text = $_POST['content'];
$author = $_POST['author'];
$comment = $text. ',' .$author;
$_SESSION['cm'] = $comment;
echo '<b>';
}
?>
<!DOCTYPE>
<html>
<head>
<style>
body{
text-align: center;
margin: 10px 0 0 0;
}
.listing{
text-align: left;
border-top: 2px solid #000;
padding: 15px;
}
input{
font-size: 16px;
padding: 5px;
text-align: center;
}
input[type=submit]{
display: block;
margin: auto;
margin-top: 10px;
}
#gotolink{
position: absolute;
top: 15px;
right: 15px;
}
.listing > div{
max-width: 100%;
word-break: break-all;
}
</style>
</head>
<body>
<div id="gotolink"><button onClick='document.getElementById("bottom").scrollIntoView({block: "end", behavior: "smooth"});'>Scroll to bottom</button></div>
<p>Try and stay</p>
<p>Creating new test</p>
<form action="" method="POST">
<input type="text" name="content" placeholder="Text">
<input type="text" name="author" placeholder="Name">
<input type="submit" value="Submit" name="add">
</form>
<div class="listing">
<?php echo '<div>' .$_SESSION['cm']. '</div>'; ?>
</div>
<div id="bottom"></div>
</body>
</html>
$_SESSION['cm'] = $comment;
Replace with:
$_SESSION['cm'] .= $comment."<br>";