There are a lot of little pieces of information on this subject, and maybe I'm just not looking in the right spot. But I'd like to put it all together in one place. Start to finish.
I'm trying to make a form pretty much like the one I'm using right now on stack overflow. There is a textarea, when someone hits enter, it does not submit the form, but adds a new line. But it doesn't display \n or <br \> in the actual text box.
Then the text with all structural integrity needs to be entered into a database and retrieved to an xhtml page.
I've hear of using javascript. I've heard of the nl2br function. They all seem to be pieces to the puzzle, but I can't find the big picture.
Does anyone have a sample script of start to finish how they would accomplish this?
Thank you very much for your help! I hope others can use this too who are having difficulty.
You need to create a regular <textarea>, and save its raw text to the database. (making sure to use parameters to prevent SQL injection)
Then, when you want to display the text, use <pre> or nl2br() to ensure that the newlines are displayed by the browser.
Related
I have a function that enables members on a site to message each other; the message is stored in a MySQL database. When a member sends a message to another member, I want to keep the natural flow of the message, i.e with white space and paragraphs etc. However, these are removed when the message is stored in MySQL.
I am aware that there is a PHP function that allows this to happen, but I am not sure what it is. Below is an example of what I am referring to. I hope it offers better insight to what I mean.
An example message:
dear Tom
thank you for contacting me.
the details are here.
The above example has 3 seperate lines with white space. However, it is rendered as follows in the MySQL table:
dear Tom thank you for contacting me. my details are below.
Can somebody please tell me what the PHP function is that will allow it be be rendered naturally but still escape unwanted values.
nl2br is what you're looking for.
But don't use it before inserting to the database. Use it in the presentation layer.
The database will contain the message as entered by the user. Then you can choose how to display it later.
With <br> tags:
<p class="message"><?=nl2br($message)?></p>
Or perhaps in the future you might want to use a <pre> tag instead:
<pre><?=$message?></pre>
Note the absence of the call to nl2br in the pre. I know you don't wish to display it in a pre tag for now, I'm just using it to demonstrate the point.
Okay. So I don't have any example code to show, but after doing a bit of research and learning the basics of PHP, I think the answer to my question should be pretty simple.
Here is the scenario, as I would like it to be:
On the homepage there will be several team names, with scores next to them. Like "house-points" in Harry Potter.
Below the score is a small text-field. Below that is a submit button.
The user will put a number in the text-field, press submit, and that number will be added to the team's total score.
NOW. I know how to achieve all of that with JavaScript. Easy. What I want to know IS:
How do I make that new number (the new score total) STAY there. I need to permanently alter the HTML when that submit button is pressed.
All I know is that I need to use PHP. I know the basics of PHP, so whatever the answer is, just throw it at me and I'll figure it out.
Sounds like what you want to do is submitting forms. First drop the JavaScript, you won't need it. What you need is to put your text fields in a form and when you submit you can fetch your values with $_<GET|POST|REQUEST>['<name_of_field>'].
Then you will need to store it somehow. The best way to do it is to use a database like MySQL or MongoDB to store it, but it could be a bit tricky if you are just learning this, so maybe you would like to stick to files. You could do this with INI files and PHP's INI functions.
Lastly you will need to print out the correct values to the website. Now this is easy: Just edit your HTML file to do something like
<?php echo $score['team1']; ?>
for each team after retrieving the correct values at the top or something. (Don't forget to rename the HTML file to .php as well).
Now you should be all set to save your scores. =)
If you mean really permanent you'll have to send it to a database via Ajax (combination of PHP and Javascript). OR write it to a text-document, which is less good.
Here is an example of the workflow a user can have on my website :
Create a task, with content: I use htmlentities to encode the content and store it in my database (yes, I've decided to store the encoded content);
The user comes back later and clicks to view the task. The thing is, the preview of the content is done in a disabled textarea.
I tried to use htmlentities_decode when printing the content in the textarea (XSS problem if the user entered bad things);
I just print the encoded text and everything is fine.
The user clicks on EDIT, this will make the textarea editable
The user clicks on SAVE.
Here is my main issue, as I didn't decode the text before I printed it, it is still encoded and when the user saves it, it is re-encoded. So, the previous content is double encoded.
So, if the first time the user enters something like:
blablabla </textarea/> yeah!
Then, it's encoded and the result is:
blablabla </textarea/> yeah!
Then, when I display it, it displays as the user previously entered it but if he saves it, the result is:
blablabla </textarea/> yeah!
And, so, if he displays it again, it is not well displayed (and it also takes more and more space in my database as the user keeps editing his task).
Well, I am sure this is a problem a lot of people have experienced but I can't find any good solution.
By the way, I am using htmlentities with ENT_QUOTES.
ahah, here is my main issue, as I didn't decode the text before I
printed it, it is still encoded and when the user save it, it is
reencoded. So, the previous content is double-encoded.
This is actually correct, you shouldn't decode the text before you print it. In fact, it must be HTML encoded when output in the HTML page. It is not still encoded when the user submits it because the browser will have already interpreted the HTML entities.
Unless... you are creating a TEXT_NODE in the DOM and assigning the encoded data to this (in the textarea)? In which case the browser will not interpret the HTML entities and you will end up resubmitting already encoded data. Assign to the innerHTML property instead, if this is the case. However, the HTML entities would be clearly visible in the form to the end user (on the first edit), before the data is submitted, which does not appear to be the case?
Hum,
I fixed my problem.
I didn't noticed but for the first entry, I was using htmlentities() and when editing, I was using the Zend escape() function.
Using only htmlentities() fixed the problem. I don't know how the escape() function of ZF works, but I won't use it in the future :p
Thanks you for answers :)
Anyway, so, I am wondering, the htmlentities_decode() function, in which situation should it be used? As I htmlentities() when I get the form and print it like that, I never use the htmlentities_decode(). Is that normal? So I am wondering what is this function used for?
Thanks again!
I need to know how to display information put in a database longtext field the way it was written.
Like if a user writes in this below:
My life is full of love I fly like
wedding doves I blow passed stop signs
That intersect with hate lines
-
I know what I am
I know who I be
If you can't accept me
Then don't friend me
I want it to display the text from the database just like the user wrote it in the textarea instead of it displaying in one like this:
My life is full of love I fly like wedding doves I blow passed stop signs That intersect with hate lines I know what I am I know who I be If you can't accept me Then don't friend me
How can I could it in PHP to display the information properly using PHP?
Use nl2br(). It converts line breaks (e.g. from textareas) into HTML <br /> tags.
If you use nl2br on the data, it should appear with approximately the same formatting as it did in the originating textarea.
However, I'd really recommend reading about things like handling SQL injection and escaping output, etc. first as you're quite possibly setting yourself up for some cross site scripting (XSS) issues if you're not careful.
If you want to display a preformated text enclose it in <pre></pre> tags
<pre>...your text here...</pre>
Many people dislike the <pre> element because it is often abused by bad developers and designers
but this is exactly the case it is supposed to be used for.
Most browsers render preformated text different then normal text, so you might have to adjust your stylesheet
body, pre {font-family: ...;font-size:....}
I can't stress it enough: You should never output user-generated content as it is but be careful that you escape all text you output (see: http://php.net/manual/en/function.htmlspecialchars.php ).
Hey guys Im building a web-app where users can login and post/read articles and comment and things.
Im giving them a form to post an article where they provide its title, description and text.
leaving the validations and sql injections aside (already done that), I need help with displaying the article stored in MySQL database as TEXT.
Im taking the article text from a textarea, and displaying it in a p tag but then obviously it skips the new line characters entered by the users, but the pre tag makes it ugly by giving a wide scrollable display.I want to know which tag is appropriate to be used for this purpose? or is even taking an article through textarea correct?
Im a learner and am building such a webapp with articles and comments sections for the first time, so any suggestions are most welcome. Thank you in advanced.
My recommendation would be of two choices:
1. Use Plain Text:
If you want that user can not put any HTML in the contents, show a simple HTML Textarea input to user, then when the user enters a new line (Enter key) it would be \n in your database. When you want to print the article just use nl2br($article_contents); and it will convert the new lines (\n) into HTML line breaks.
2. Rich Text:
If you want users to put HTML contents in article then it would be easy if you use any Text Editors like TinyMCE. TinyMCE will make it easy for your users to do simple HTML Formatting like headings, bold, italic, paragraph alignments, color, add images. Then in the PHP side use strip_tags function to allow only the certain tags so the user could not insert any malicious code like XSS injections into HTML contents. For example:
strip_tags($article_contents, "<u><b><i><font><span><p>");
Proposed Answer:
Use <span></span>
Tags like <p></p><div></div> take up as much space as they can, while <span></span> takes up as little as it can to hold whatever is inside it, so it might be more suitable for you.
Let me know if that worked for you.
In PHP you can use function nl2br that changes all newline characters to BR HTML tag. http://php.net/nl2br