I have a really silly problem, but i cannot find a way to solve it,
I programming a helpdesk system, with support Tickets
I have a form in my website like
<form action="somepage.php" action="post">
<input id="reply" type="textarea">
<button id="replyButton" type="submit">Submit</button>
</form>
but when the user submits the text, and i show it in the website as the conversation between the user and the support assistant, it doesnt recognize the line breaks, i dont know if its putting \n\r or #10#13, or even nothing...
i've tested and when i press enter in the text area and click submit, when i get that same text from my database i get EMPTY SPACES where the linebreaks should be...
BTW> before displaying the text im using utf8_enconde($text) because people are typing speciales characters like letters with acute and ñ
In HTML you use the
<br>
tag for line breaks. Replace all line breaks (newline characters) with said tag and you should be fine. You can "convert" line breaks (newline characters) to that tag using nl2br() (it really only insert such tags after line breaks (newline characters).
Escape all special characters before storing it into the database. For instance in MySQL, you can use mysql_real_escape_string. This escapes all special characters while storing in the Database.
mysql_real_escape_string : http://php.net/manual/en/function.mysql-real-escape-string.php
Then use nl2br() while displaying back the content from Database.
nl2br() : http://php.net/manual/en/function.nl2br.php
Related
When a post is edited, the text will save and be cut off at the apostrophe, the character for apostrophe does not appear too. The weird thing is if you go to add event page, the info will not be saved in database if the text includes apostrophe. I tried set charset utf8 but that had no effect (This method get from forum).
Can anyone suggest a solution for allowing the character for apostrophe? Following is part of my code, I will provide any info if you need.
<textarea class="text-input textarea wysiwyg_mini" name="description" style="height:220px"><?php echo $page['description']; ?></textarea>
Any guidance would be appreciated.
Solved this by using mysql_real_escape_string to escape special characters in a string for use in an SQL statement. The example code is shown below
$description=sanitize_html(mysql_real_escape_string($_POST['description']));
I have a problem: so I have a data thats coming out of the database and stored in a text area. When the user changes the data in the text area, the content is sent to javascript and via AJAX (POST to a PHP script) the database is updated. This works fine until the user starts adding newlines. Then javascript transforms this into a \n-character and thus it gets stored in the database as \n.
What I want is to have actual newlines in my database and not the \n newline-characters. Is there any way that I can use php to replace the \n with an actual newline (NOT a br)? I have tried altering the database field after the edit with the char(10), but for some reason this is not working in the script except when I do it manually in phpmyadmin?
When editting with a full php request, the newline in a text area is correctly stored as a char(10) in mysql, not as \n.
Anyone got a clue?
Store it as it is but escape first with real_escape_string
real_escape_string converts what is a newline into the 4 character string '\n\r'
$text = $mysqli->real_escape_string($text);
Use [nl2br][1] function to replace /n with newline
Insert line breaks where newlines (\n) occur in the string:
<?php
echo nl2br("One line.\nAnother line.");
?>
The browser output of the code above will be:
One line.
Another line.
I have two issues
When I submit the character ' through my HTML form (using POST) it is fine. However, in the form I allow to modify the submitted content, when it is brought in, anything after the ' disappears. I've deduced that this is because when I assign the text content containing the ' to the text field, it closes the quote. For example, if I submit Hello there I'm John, it will do: <input type=text value='Hello there I'm Jon />
So you see, the apostrophe in I'm closes the quote for the value attribute. So the only solution I can think of would be to escape the apostrophe, but even when I leave my mysql_real_escape_string() function on the content (as it's submitted to a database escaped and retrieved for this form).
Similarly, when I submit an & or a +, it disappears. This happens any time I try to print it anywhere, regardless of using the htmlspecialchars() function (which I was under the impression should encode them in HTML format for such characters, like: &). so as an example, if someone enters Me & you then it will be displayed as Me you.
So I'm asking: How can I fix the above issues, seeming to have to do with special characters, despite already having them escaped (and I even tried applying the escape function again)? If there is any sample code I should supply, please let me know, but I've explained what I am doing to each input.
When I submit the character ' through my HTML form (using POST) it is fine. However, in the form I allow to modify the submitted content, when it is brought in, anything after the ' disappears. I've deduced that this is because when I assign the text content containing the ' to the text field, it closes the quote. For example, if I submit Hello there I'm John, it will do: <input type=text value='Hello there I'm Jon /> So you see, the apostrophe in I'm closes the quote for the value attribute. So the only solution I can think of would be to escape the apostrophe, but even when I leave my mysql_real_escape_string() function on the content (as it's submitted to a database escaped and retrieved for this form).
This has nothing to do with submitting the data. You are trying to use ' in an attribute value that is delimited with ' characters.
Use htmlspecialchars($data, ENT_QUOTES)
Similarly, when I submit an & or a +, it disappears. This happens any time I try to print it anywhere, regardless of using the htmlspecialchars() function (which I was under the impression should encode them in HTML format for such characters, like: &). so as an example, if someone enters Me & you then it will be displayed as Me you.
In data encoded as application/x-www-form-urlencoded & means "Start of new key=value pair" and + means "A space". You need to urlencode($data).
First, it helps to properly contain HTML attributes, like so:
<input type="text" value="Hello there I'm Jon" />
I'm using double quotes, notice the trailing quote on the value, which your original didn't have. If you then wrap the value in htmlentities() you'll be able to properly display/save " or any other value in your form.
While double quotes aren't strictly necessary in HTML5 (' will work just fine in most cases), they are at least encouraged. If you're using some variant of XHTML, they are required.
A lazy but fast way to do things here is use urlencode() on the contents of the fields before they are posted, and the urldecode() on the other side.
It's not the proper way, or the nice way ... but it works if you don't want to write some specific code to handle the cases.
I have a text field that inserts its content into an SQL table. Often, I will want this content to have <p> html tags within, based on line breaks in the text field. I have tried doing a replace before inserting:
str_replace("</p><p>", "\n", $_POST["body"]);
and I have tried doing a replace with escape characters:
str_replace("</p><p>", "\n", $_POST["body"]);
with no success. Meaning they still appear as text field line breaks. There is no security issue as the field can only be accessed by an administrator. Thank you for your help.
it seems both times you are trying to replace contrary - a </p><p> to \n which obviously fails
try to swap str_replace argumants.
I don't understand what SQL has to do here though
How about replacing each separately?
str_replace(array("</p>", "<p>"), array("\n","\n"), $_POST["body"]);
I think the problem is in " latter, like google, try replacing it with ' or call function addslashes() on your text.
I created a form where users can enter html code and it outputs their code in another textarea. The problem is that if the html the user enters has a textarea in the code, the in their code breaks my textarea form. I see other sites display any html correctly so how is this done without breaking the form and allowing the user to copy it so that it still remains as and not some converted code so they can paste it on their webpage?
Ah crap yeah I figured it out, in fact the problem wasn't with the htmlspecialchars code alone I forgot to add a return to one of my functions haha. Thanks guys.
Represent characters that have special meaning in HTML using entities. Since you are using PHP, use htmlspecialchars
There are millions and millions of ways to do this. The easiest is to use htmlspecialchars or htmlentities on the user's input. This will make a visual </textarea> in the textarea box without closing it. This actually turns it into </textarea>. htmlspecialchars transforms less characters than htmlentities and usually makes more sense to use in a situation like this, but do your research.
strip_tags() is also a possibility.
You can also use a regular expression with PCRE, or even str_replace() or other string manipulation functions to strip off the textarea, convert the special characters, etc.
PECL also as a BB code extension you can use if you still want your users to be able to enter some for of tags to style their output.
<textarea><?php echo htmlentities($code); ?></textarea>
You have to transform the html code into symbols, so it is not treated as html.
Use the function htmlentities() on the textarea content before echoing it.