I've been building a site where users submit a logline and a synopsis for something. This works through a that is then submitted using $_POST, and an SQL query is used to put it into an SQL table. For some reason, ONLY IN MOZILLA FIREFOX (I've tested in chrome, IE, safari, and even on an ipad (Safari again)), by the time it gets to the SQL table it is full of random line breaks. When the submission is viewed on a different part of the site, no matter what the line breaks are there, so it is definitely a problem with Mozilla with the submission step.
So what is the issue with Mozilla? I would love any help on making this not happen, here is what is being submitted (abridged to include relevant pieces):
User enters value in this kind of a textarea:
<form id="submitform" name="submitform" action="submit.php" onsubmit="return validateSubmitForm(event)" method="post">
// some code
<textarea style="height:300px;width:800px;font-family:Arial;border:1px solid #a6a6a6;
background-color:#fff9eb;resize:none"
wrap="hard" size="1500" placeholder="1500 character limit..." maxlength="1500"
id="submitsummary" name="submitsummary" type="text"></textarea>
// some code
</form>
Then, after the form is submitted as a $_POST, I input it into the data table with basically this SQL query:
"INSERT INTO table (userid, header, synopsis)
VALUES(1, 1, " . htmlspecialchars($_POST["submitsummary"]) . ")"
Any thoughts on why it is that only Mozilla is being problematic? Also, any thoughts on how to get around it? Much appreciated!
wrap="hard" is known to have issues with Firefox. Remove that and check if the random line breaks disappear.
Also set the cols and rows attributes for the textbox as Firefox also uses this to determine proper wrapping.
I suspect your issue is wrap="hard". This requires you to use the cols attribute and it inserts newlines at the wrap points of text in the textarea.
Removing the wrap or setting wrap="soft" will result in the submitted data only having newlines where the user hit enter (or if the user pasted, only where the pasted data had newlines).
Related
I am working on a school project and am quite new to php so pardon me if this may come off as sounding stupid.
I am trying to use $_GET to fill in a form with the information that was previously inputted into the fields when the user has somehow ran into a problem like leaving fields empty and was forced back into the form web page.
One of the fields may require the user to input operands on mathematical problems (ie. 1+1=2) but when echo-ing back the result the "+" sign is replaced with a space.
<input id="register" name="enun" type="text" class="form-control" placeholder="Question *" value="<?php if(isset($_GET['error'])){echo $_GET['enun'];}?>" />
The link "(...).php?error=equalquestion&enun=1+1=?&resp=2(...)" and I want to echo the bolded part.
I have tried some other fixes around stackoverflow like "htmlentities" / "htmlspecialchars" / "urldecode" but to no avail.
Thank you in advance!
I've been working my way through W3Schools' PHP course and I've become flummoxed by something in one of the lessons -
http://www.w3schools.com/php/php_form_complete.asp
The form is filled using globals which are assigned after the user hits 'submit', the same globals are then echoed in the PHP block at the end of the script.
Here's my modification which specifies default values for the globals to avoid the need to fill in the form and hit submit -
phpfiddle link to my modification
What's confused me is that the comment box is -
I've no<br> comment
but when it's echoed by PHP the spaces are stripped and the output is -
I've no
comment
Echoing the var_dump of $comment gives -
string(23) "I've no
comment"
Both the comment box and the echo statement use the same source, $comment, but the format of the string is different. Why is that? Can someone please explain this discrepancy to me.
By default the output of a PHP program (when launched via a web server) starts with Content-Type: text/html.
The output is treated as HTML source code.
<br> is the element that creates a line break in HTML and, in HTML, one or more whitespace characters is collapsed into a single space.
Related:
OWASP on XSS
How to prevent XSS with HTML/PHP?
Basically, I have an administration area where users are to be able to add information to a MySQL database using a form textarea. The users have little or no HTML knowledge so I'd like them to be able to use their return key to create line breaks instead of <br /> tags, however I also want the use of HTML to be permitted too for future purposes. I also won't want <br /> tags to appear in the textarea after insertion and would like line breaks instead so as not to confuse people - basically display it in the textarea exactly as it was entered.
I've been having difficulty parsing the data though, I've come up with a solution to prevent the line breaks from being stripped but I just really want to know if this is valid - it works, but if I've learned anything recently I know that doesn't mean it's right!
$extra_details_escape = mysql_real_escape_string($_POST['extra_details']);
$extra_details_escape = str_replace('\r\n','LiNeBrEaK',$extra_details_escape);
$extra_details_escape = stripslashes($extra_details_escape);
$extra_details_escape = str_replace('LiNeBrEaK','\r\n',$extra_details_escape);
mysql_query("UPDATE table SET column = '$extra_details_escape' WHERE id = '$id'");
Many thanks,
Joe
Have you tried nl2br() ?
Try this, post string sanitization:
$extra_details_escape = nl2br($_POST['extra_details']);
I have form in html (php). This form includes text area which is used to save log from swich, router, etc. to database.
Command line of terminal usualy have 80 cols(bytes on line) so i set the atribute cols to 80.
<tr>
<td><label for="taskText">Text:</label> </td>
<td><textarea name="taskText" id="taskText" cols="80" rows="10" required></textarea></td>
</tr>
Motivation: Why I do this? I have table in database which have this colums id (INT-autoincrement),log1(TEXT), log2(TEXT).
User save two logs into database, then I get them from database and save log1 to field $log1 and log2 to the field $log2, where $log1 will be array, where the keys will be lines.
for example:
`
$log1[0]="line1";
$log1[1]="line2";
$log1[2]="line3";`
Problem: So the problem is copy text of log to the textarea, then save it properly to the database(MYSQL) to the field of type TEXT(I choosed this hope well) and have preserved the end of lines (somehow), then load the log from the database to array, where each key will be one line (like in example now without the mark for end of line).
My solution:
Using function nl2br before saving to the database and durring loading from database use function explode:
$log1=explode("<br />", $stringWithLogLoadedFromDatabase);
But I'm not sure if this is good solution. Any other ideas?
NOTE:
I wrote there some background of my solution, but the main problem is only with end of lines of input text(log) which I´ll copy to the text area and save to the database. So I need to now where are original end of lines to be able to work with the lines.
Can you try with the following,
Use htmlspecialchars() on the string to put into the DB, and then, when pulling it back out, use htmlspecialchars_decode().
These two might make a output as per you query.
I'm getting data from my textarea with the following code
$about_me=mysql_real_escape_string(nl2br($_POST['about_me']));
which
1. Receives data, using $_POST.
2. nl2br makes brakes so If I echo this code to user he will see if there were new lines.
3. mysql_real_escape_string to secure code from mysql injections before entering it to database.
So if I echo this code everything works fine.
But If I edit it again through textarea, php goes to mysql gets data, puts it to textarea and I see <br> signs...
How can I get rid of them while editing my text again in textarea ?
How can I get rid of them while editing my text again in textarea ?
Stop using nl2br(), of course. It's entirely wrong here.
You use nl2br() when you want to output data that contains linebreaks to HTML, not when you want to store it in the database. Store data unchanged, format it for viewing.
If you output it into a <textarea> you don't need to use it either, since textareas display linebreaks (whereas HTML in general does not). For the textarea you need htmlspecialchars(), but apparently this is already happening - otherwise you would not see literal <br> showing up.
<?php
function br2nl($string){
$return=eregi_replace('<br[[:space:]]*/?'.
'[[:space:]]*>',chr(13).chr(10),$string);
return $return;
}
?>
Use this while getting data from database and before printing into textarea .
http://php.net/manual/en/function.nl2br.php
Check examples on this page