I have text area and when the user submit the form I save the data into my db
in db the line breaks work excellently but when displaying them back with echo the line breaks disappear :(
I check all things and removed all validation functions like strip_tags and so on just printed it pure from db but the same thing so can anyone tell me what went wrong ?
thnx in advance
Line breaks in textarea is \r\n while for browsers it's just white-space. You need to replace them with <br /> tag. php took care of it and you have nl2br function for that:
echo nl2br($stringFromDB);
Note: when you output user-input always escape it at first. So basically you should be doing:
// Chaining functions like this is bad. Avoid in real world apps.
echo nl2br(htmlspecialchars($stringFromDB, ENT_QUOTES, 'UTF-8'));
Related
I'm creating a PHP Form and part of the form users must copy and paste an essay into a . When we generate the results of the form all formatting is lost. All I need is for line breaks and/or double spacing to remain as the user sees it when they are submitting the form.
I've read about installing a HTML rich text editor, but I'm new to this and I can't find any straight answers for my situation.
Data entered into the form is received on our SQL and then posted to an HTML document we can download.
Your problem is with displaying: Just check the source code of the resulting page.
HTML does nto care about line breaks and also mangles whitespace.
So two easy solution comes up:
Line breaks to <br/>
echo str_replace("\n", "<br/>", $myInputText);
This converts the ordinary line breaks to line breaks understood by HTML. This can be done when storing the content - then no changes arte needed to the duisplaying part.
(Or you can put this into the displaying part too, and not change the upload logic.)
Using <pre></pre>
echo "<pre>$myInputText</pre>";
This applies all the whitespace formatting to the content, and is better ot put to the displaying part.
Using your comment
If I understood well what you'd like to achieve, this is the easiest:
$HTMLBODY .= "<h2>ESSAY</h2>"; //note the </h2>!
$HTMLBODY .= "<p><pre>" . $_POST['essay'] . "<pre></p>";
Also, at the same time, be careful with using unsanitized $POST[''] entries: someone with a bit of hackish instinct might do crazy things to your site...
Trying to keep new lines and unescaped values intact in a textarea being repopulated with data during a PRG cycle. At what point do you assign the variable correctly so that new lines are recognized?
I've tried double quotes, nl2br, htmlentities, stripslashes but I can't seem to get it. Some attempts:
Assigning during the intial prg $_SESSION array:
$_SESSION['prg']['textarea'] = "$textarea";
When passing from prg array to var:
$textarea = htmlentities($_SESSION['prg']['textarea']);
When echoing into the textarea:
<textarea name="textarea"><?php if(isset($textarea)) echo nl2br($textarea); ?></textarea>
And various combinations of the above, including the initial $_POST, directly after sanitizing.
Also, in case anyone asks: the escaping works as intended, db insert results are fine. It's just the form repopulating that's throwing things off.
I'm sure this is just a symptom of amateur hour... Looking for php/html solution only. Thanks in advance.
I don't think you want to be calling nl2br when you populate the text area if you want to keep the newlines showing up properly in the textarea. The htmlentities part is good though.
while storing the data use addslashes($_POST['textarea']) and while displaying use stripslashes($textarea)
I'm having trouble getting data out of the database and echoing out in a HTML page textarea.
This is the code used to get the data into the database:
$_SESSION['content'] = mysqli_real_escape_string($link, strip_tags($_POST['content'],'<a>'));
This simply strips HTML tags except for links and stores in the database. If you look in the database, the line breaks are invisible but there, so i assume they are \n and \r.
If i were to type into a textarea:
This should be a
New line
The database stores this as:
This should be a<br>
New line
When echoed out into a textarea, this is what's displayed:
This should be a \r\n\r\nNew line
I'm sure i'm missing something very simple, any help greatly appreciated.
UPDATE:
If i remove mysqli_real_escape_string, the line breaks are preserved and work perfectly, do I have to sacrifice security for this?
SOLVED:
mysqli_real_escape_string causing the problem, do not echo out a variable which has had this applied. Only use mysqli_real_escape_string when inserting, deleting, etc from a database, not before, definitely not after ;)
Thanks everyone!
Use the correct HTML/CSS.
;-)
The line breaks all work in an HTML pre tag, or in a tag with the CSS white-space property set to:
white-space: pre;
Resources:
http://www.w3schools.com/cssref/pr_text_white-space.asp
http://www.quirksmode.org/css/whitespace.html
Firstly, you shouldn't be using nl2br as this will change your \n's to <br>'s.
You will most likely need to strip the slashes echo stripslashes($_SESSION['content']).
Edit following further comments:
If the data is stored as <br>'s in the database, you can just do str_replace('<br>',"\n",$string); which will convert the <br>'s into \n's
This worked for me:
function br2nl( $input ) {
return preg_replace( '/\<br.*\>/Ui', '', $input );
}
For very long lines, you also need the text to wrap instead of potentially break out of its parent container. To cover this case, but also preserve new lines, use following css:
white-space: pre-wrap;
resource: https://css-tricks.com/almanac/properties/w/whitespace/
The nl2br function is working with that content as a string:
http://codepad.org/M2Jw9KQJ
This leads me to believe that you are not echoing out the content you claim you are.
Are you sure the content in the DB is as you say it is?
Perhaps you need to go the other way round:
function br2nl( $data ) {return preg_replace( "!<br.*>!iU", "\n", $data );}
I have a text field that inserts its content into an SQL table. Often, I will want this content to have <p> html tags within, based on line breaks in the text field. I have tried doing a replace before inserting:
str_replace("</p><p>", "\n", $_POST["body"]);
and I have tried doing a replace with escape characters:
str_replace("</p><p>", "\n", $_POST["body"]);
with no success. Meaning they still appear as text field line breaks. There is no security issue as the field can only be accessed by an administrator. Thank you for your help.
it seems both times you are trying to replace contrary - a </p><p> to \n which obviously fails
try to swap str_replace argumants.
I don't understand what SQL has to do here though
How about replacing each separately?
str_replace(array("</p>", "<p>"), array("\n","\n"), $_POST["body"]);
I think the problem is in " latter, like google, try replacing it with ' or call function addslashes() on your text.
I'm pulling content from a DB that has been sanitized using mysql_real_escape_string.
Accordingly the new line characters now appear as "\n".
The issue is that this content is displayed to users inside a < pre > tag so I cannot replace \n with < br/> for instance.
I suppose I could replace \n with the actual utf8 character code before inserting the result inside the < pre>.
Can somoneone assist here? Not using mysql_real_escape_string isn't really an option due to security policy.
Thanks.
echo '<pre>'.str_replace('\n', "\n", $string).'</pre>';
why not ...
echo str_replace('\\n', PHP_EOL, "few lines\nof text here,\nblah, blah! etc!");
str_replace("\\n","\n",$data);
I'm pulling content from a DB that has been sanitized using mysql_real_escape_string. Accordingly the new line characters now appear as "\n"
If you've not done anything to the raw data pulled back from the database then the ptoblem is that it has been 'sanitized' twice when inserted.
C.
This might help a bit:
echo('test\ntest');
shows as
test test
but
echo("test\ntest");
shows as
test
test