Can somebody please help me with this problem.
I'm simply trying to display a message from users. The message comes to my database from a textarea. My problem is when I am typing message and formatting it with breaking into paragraphs it is not display in that format and display it as a one long paragraph.
like this.
To change the overall look of your document, choose new Theme elements
on the Page Layout tab. To change the looks available in the Quick
Style gallery, use the Change Current Quick Style Set command.
\r\n\r\nBoth the Themes gallery and the Quick Styles gallery provide
reset commands so that you can always restore the look of your
document to the original contained in your current template.
I tried with nl2br() and strip_tags() but still no luck
The Code from validation message.
// Check for message
if ( !empty ( $_POST['message'])) {
if ( mb_strlen ( $_POST['message'], 'UTF-8') <= 20 ) {
$reg_errors['message'] = 'Your message must be greater than 20 characters';
} else {
$message = mysqli_real_escape_string($dbc, $_POST['message']);
}
} else {
$reg_errors['message'] = 'Message: This field is required.';
}
This is the code I use when select message from db
$message= $row['message'];
$message= nl2br(strip_tags($message));
when echoing $message it print a paragraph like above.
You are doing excessive escaping when adding data into database.
If you are using prepared statements, just remove mysqli_real_escape_string() call from your code.
Otherwise you are doing it twice - som you have to find the place where it happens and remove extra mysqli_real_escape_string() call from your code.
From my understanding, by using mysqli_real_escape_string() you are making it escape the backslashes so at the time of transaction for example \r\n becomes \\r\\n, however, if those have already been escaped by Javascript then what you end up during transaction is \\\\r\\\\n which translates back into html as
a literal backward slash
r
a literal backward slash
n
So you might want to replace them with appropriate characters before adding into your database. Doing that you can pic from a variety of built-in functions such as preg_replace(), strtr(), str_replace()…
Related
I've tried many tests to make this work but can't seem to figure this one out!
A PHP code is called before it sends an email, it checks if placeholders have values in them, then adds them in email. Results I get are all on same line with no line breaks.
Can someone please tell me how to insert a line break in the code?
I've tried the linebreak br with single quotes and double in many places in the code, nothing is working. I've tried the echo code, I get errors.
Each placeholder starts with the IF statement and must end with the value}'; for each one. Where and how can I insert the line break between the IF and value}'; for each?
Thanks a million!
Results come out like this scapbooking20dancing35
instead of:
scapbooking
20
dancing
35
if you guys had to put a line break in this code, how does it go? cheers if($_POST['form']['age'] != '') $modAdminEmailText .= '{age:caption}: {age:value}';
/* Retrieve the admin email text */
$modAdminEmailText = $form->AdminEmailText;
/*Checks if the field has a value and if so, add it to the Email Text*/
if($_POST['form']['hobby'] != '')
$modAdminEmailText .= '{hobby:caption}: {hobby:value}';
if($_POST['form']['age'] != '')
$modAdminEmailText .= '{age:caption}: {age:value}';
/*After the field placeholders are added we will need to replace them with the actual submitted values.*/
$adminEmail['text'] = $modAdminEmailText;
$adminEmail['text'] = str_replace($placeholders, $values, $adminEmail['text']);
been there, done that. Here's what I think is going on.
I've tried the linebreak br ... with single quotes and double.. in many many places in the code, nothing is working.. I've tried the echo code, I get errors, 2 days now no sleep :(
using <br> in your code will only work if you write the e-mail as HTML. Check the documentation for the e-mail library you use to see how you do that.
Now in stead of using <br> you may want to use the \n or \r\n symbol. Beware, that if you use that, then you must enclose your string with double quotes: $somevar."\n"
Alternatively try to use PHP_EOL like this: $somevar. PHP_EOL
I'm not sure how these two methods behave when using string interpolation, but it's worth a try.
Is there any possibility in PHP to save new lines in an textarea into a sql database?
I mean without typing in html commands like br ?
If not, how its done here? And how i can install it into my programm?
Thanks for help!
$descriptionraw = mysqli_real_escape_string($conn, $_POST['setdescription']);
$description = nl2br($descriptionraw);
The premise of this question is flawed, as the newlines are stored in the database already.
At least as long as you haven't done anything to remove them prior to saving the input, that is.
The question should be how to display the newlines in HTML pages, and for this you have a couple of methods.
Either use a <pre> tag around the output. This will cause the text to be showns preformatted, and thus include the newlines as actual content. The bad side about this is that the text won't break normally, and as such can (and will) break out of the natural flow of your page.
Or use nl2br() or a custom nl2p() function, when echoing the content to the browser. This translates the newlines into <br> (or <p>) tags, and will follow the normal flow of your site's layout. Which makes this the recommended method.
PS: This line is wrong:
$description = nl2br($descriptionraw);
This is function to format output to a HTML-compatible viewer, a database is not. Using nl2br() and similar functions before you save stuff to the database will only cause you headaches, especially if you ever want to view the data in something that is not equipped to handle HTML code. (Such as the native MySQL client.)
Quick and dirty examples, using PDO:
First for saving the data:
$input = filter_var ($_POST['input'], FILTER);
$stmt = $db->prepare ("INSERT INTO `table`(`input`) VALUES (:data)");
$stmt->exec (array (':data' => $input));
Then for displaying it:
$output = '';
$res = $db->exec ("SELECT `input` FROM `table`");
foreach ($res->fetchArray () as $row) {
$output .= nl2br ($row['input']);
}
echo $output;
User php function nl2br
echo nl2br("This\r\nis\n\ra\nstring\r");
Pulling in data from a Filemaker Pro database field and trying to convert the plain text data from the field into a clickable link to google maps via PHP.
My first attempt doesnt display anything when called:
$Venue = '';
$Venue is then echoed into a UL via
<?php echo $Venue; ?>
I'm relatively new to PHP so I'm sure there is a much more semantic way of marking this up? Possibly a regex and replace, returning a preg_replace? Which is what I've been using for plain text URLs and email addresses.
Anything helps, thanks so much.
Casey - not sure there's enough context here to help you? For instance, forget the link wrapping, does
<?php echo $record->getField( 'Auctions::AIS_Venue'); ?>
actually echo the field contents to a page?
Also, not sure you really want to use nl2br anyway, as you probably don't want a break in your url ;-)
OK, in which case there are a couple of things to try. First - can you get it to run in a webviewer inside FileMaker? I suspect not, and it may be down to an encoding/filtering issue.
There are two approaches you could use.
Create a new calc field in FileMaker that filters out punctuation and converts spaces to '+'s, something like:
Filter( Substitute( Lower( Auctions::AIS_Venue ) ; [ ¶ ; "+"] ; [" " ; "+"]; ["++" ; "+"] ); "abcdefghijklmnopqrstuvwxyz1234567890+" )
and then use that field as in your PHP code, or;
Do the same calculation on the fly in PHP, something like:
$Venue = '';
That should do the trick ? ;-)
From a form, I'm asking the user to enter some text. I will retrieve this text using $_POST['text'].
The user enters the string "It's my text!"
$newText = mysql_real_escape_string($_POST['text']);
Now on the very same page after I've inserted $newText into the database I want to display
the text to the user and also use it as the value of an input text box using PHP.
// I want to make sure the user hasn't added any unsafe html in their string
$newText = htmlentities($newText);
echo "You've entered: " . $newText . "<br />";
echo "<form action=someaction.php method=post>";
echo "<input type=text value=\"" . $newText . "\">";
echo "</form>";
The output is:
You've entered: It\'s my text!
[It\'s my text!]
How do I avoid these slashes, and should I be doing anything else with my data?
You're passing the text through mysql_real_escape_string() which, as the name suggests, escapes the string, including apostrophes. mysql_real_escape_string() is meant only for preparing the data for saving to database. You shouldn't use it when displaying data to the user.
So, the solution is simple: remove the line and use htmlentities() only. Use mysql_real_escape_string() when you're saving the string to database (and only then).
Only use mysql_real_escape_string() on the variable you want to use in the query, because it will add slashes to escape some of the characters in the string. This works great for mysql, but when want to use it on the page it will look weird.
You could make 2 variables, 1 for MySQL and 1 for displaying the raw text.
$text = $_POST['text'];
$db_text = mysql_real_escape($text);
Also note that you should use strip_slashes() on the data you get from the database later, to remove the slashes.
Hope this clear things up a little bit.
Now on the very same page after I've inserted $newText into the database I want to display the text to the user
That's what you are doing wrong.
An HTTP standard require a GET method redirect after every successful POST request.
So, you have to redirect the user on the same page, where you may read inserted data from the database and show it to the user.
As for the mistake you made - just move escaping somewhere closer to the database operations, to make sure it is used only for the purpose (YET it is used obligatory, without the risk of forgetting it!).
Ideally you have to use some variables to represent the data in the query, and some handler to process them.
So, the query call may look like
DB::run("UPDATE table SET text=s:text",$_POST['text']);
where s:text is such a variable (called placeholder), which will be substituted with the $_POST['text'] value, properly prepared according to the type set in the placeholder name (s means "string", tells your function to escape and quote the data)
So, all the necessary preparations will be done inside and will spoil no source variable.
save normally using mysql_real_escape_string()
and when you want to display it in a form:
htmlspecialchars(stripslashes($row['text_data']))
it will do the trick.
I have a form where a user types paragraphs into a text area and then it takes them to another page after they submit. How can I pass whatever they typed to the page after they submit? The text area might have linebreaks and if I use a query string to pass the data, it gives me an error. This is my current code to pass the field:
<?php
if(isset($_POST['form']))
{
$title = $_POST['title'];
$body = $_POST['body'];
header("SubmitForm.php?title=$title&body=$body");
?>
<html>
...html form...
It doesn't work when the text area has line breaks in it.
I would suggest installing a wysiwyg editor to make this easier for you, but i assume that would add some time for the learning curve.
The simplest tips I can give you is to set a CSS attribute for your textarea: white-space:pre so that when it gets submitted, all line breaks get sent as well.
On your server side, you would need to use the nl2br() function, so that when it gets saved on your DB or wherever you store them, all line breaks are converted to HTML breaks.
For your additional reference, I had a similar question like this last year.
You really shouldn't be putting anything that long in a query string in the first place. Look into using sessions to store data across pages instead.
(This is assuming I understood the question right)
urlencode the data in order to pass it via query string.