When I copy a domain name from Google Maps and then paste it into a form I built, it enters it into a MySQL database with appended at the end of the domain name.
Any idea how I could strip that off of the domain name?
The relevant code is below
<div class="friend5title"><label for="url">Website:</label></div>
<div class="friend5field"><input name="website" type="text" id="website" maxlength="150"></div>
$website = mysql_real_escape_string($website);
mysql_query("INSERT INTO submission VALUES ('$website')");
It is a control character ( http://en.wikipedia.org/wiki/Left-to-right_mark ).
Ignore all of my previous answer I just realized (since I wrote quickly) it isn't in unicode it is actually in a HTML entity format so you need to strip that HTML entity out:
preg_replace('/()/', '', $string);
An alternative is to actually purify your string and purge it of all HTML entities since it shouldn't really have any in it. Normally there could be special characters like & but these should not exist in a URL taken from an input field I reckon.
Here is a question about removing HTML entities with a solid answer: How to remove html special chars?
As to why it is happening: it is possible that someone has a foreign browser which artifically makes the text in inputs go a certain way but in turn by adding this html entity.
On pasting in the input field you did copy a left-to-right character, with unicode number 8206. As the browser evidently did have a form not in some unicode character set (like UTF-8), it sent to the server that character as numeric entity . The server has to decode these, or the form (and page) has to be changed to accept UTF-8.
In the case of your LTR-character, it seems superfluous. You could add an onchange=... to remove characters < 0 and > 127 for the URL. They still are characters, so that is easily done.
Related
I have a textarea, which I need to be able to take characters including / and ' as well as special characters in ASCII. It does this fine, and sends the data to a php page by the POST method.
Then I repopulate the text area simply by putting
<?php echo isset($F_Text) ? $F_Text : '' ?>
between the textarea tags ($F_Name = $_POST["F_Name"]), with the intention that the user can then alter what they typed in and resubmit.
But each time the form is repopulated two issues arise. A forward slash is added before characters such as ' and the ASCII characters are printed out as the symbol rather than the code. This basically breaks the rest of the page (the submission goes on to be processed by some javascript).
I can't think of any way to keep the ASCII codes as just that, codes, not symbols.
Also, I've just noticed that all $ signs are lost too, which I can understand, but I need them to stay!
I need the form to display EXACTLY what the user typed in originally. Any ideas?
Can you try with :
<?php echo isset($F_Text) ? htmlentities(stripslashes($F_Text)) : '' ?>
Hope this helps you :)
My guess would be that you first have to turn of magic quotes, then use htmlspecialchars to avoid that your variable messes up your html and then make sure everything is in utf8 so that all special characters are retained (depending on what you consider ASCII characters...).
Your php echo statement would be:
<?php echo isset($F_Text) ? htmlspecialchars($F_Text) : '' ?>
I have two issues
When I submit the character ' through my HTML form (using POST) it is fine. However, in the form I allow to modify the submitted content, when it is brought in, anything after the ' disappears. I've deduced that this is because when I assign the text content containing the ' to the text field, it closes the quote. For example, if I submit Hello there I'm John, it will do: <input type=text value='Hello there I'm Jon />
So you see, the apostrophe in I'm closes the quote for the value attribute. So the only solution I can think of would be to escape the apostrophe, but even when I leave my mysql_real_escape_string() function on the content (as it's submitted to a database escaped and retrieved for this form).
Similarly, when I submit an & or a +, it disappears. This happens any time I try to print it anywhere, regardless of using the htmlspecialchars() function (which I was under the impression should encode them in HTML format for such characters, like: &). so as an example, if someone enters Me & you then it will be displayed as Me you.
So I'm asking: How can I fix the above issues, seeming to have to do with special characters, despite already having them escaped (and I even tried applying the escape function again)? If there is any sample code I should supply, please let me know, but I've explained what I am doing to each input.
When I submit the character ' through my HTML form (using POST) it is fine. However, in the form I allow to modify the submitted content, when it is brought in, anything after the ' disappears. I've deduced that this is because when I assign the text content containing the ' to the text field, it closes the quote. For example, if I submit Hello there I'm John, it will do: <input type=text value='Hello there I'm Jon /> So you see, the apostrophe in I'm closes the quote for the value attribute. So the only solution I can think of would be to escape the apostrophe, but even when I leave my mysql_real_escape_string() function on the content (as it's submitted to a database escaped and retrieved for this form).
This has nothing to do with submitting the data. You are trying to use ' in an attribute value that is delimited with ' characters.
Use htmlspecialchars($data, ENT_QUOTES)
Similarly, when I submit an & or a +, it disappears. This happens any time I try to print it anywhere, regardless of using the htmlspecialchars() function (which I was under the impression should encode them in HTML format for such characters, like: &). so as an example, if someone enters Me & you then it will be displayed as Me you.
In data encoded as application/x-www-form-urlencoded & means "Start of new key=value pair" and + means "A space". You need to urlencode($data).
First, it helps to properly contain HTML attributes, like so:
<input type="text" value="Hello there I'm Jon" />
I'm using double quotes, notice the trailing quote on the value, which your original didn't have. If you then wrap the value in htmlentities() you'll be able to properly display/save " or any other value in your form.
While double quotes aren't strictly necessary in HTML5 (' will work just fine in most cases), they are at least encouraged. If you're using some variant of XHTML, they are required.
A lazy but fast way to do things here is use urlencode() on the contents of the fields before they are posted, and the urldecode() on the other side.
It's not the proper way, or the nice way ... but it works if you don't want to write some specific code to handle the cases.
Is there a way to replace the character & with and in a PHP web form as the user types it rather than after submitting the form?
When & is inserted into our database our search engine doesn't interpret the & correctly replacing it with & returning an incorrect search result (i.e. not the result that included &).
Here is the field we would like to run this on:
<input type="text" name="project_title" id="project_title" value="<?php echo $project_title; ?>" size="60" class="btn_input2"/>
Is there a way to replace the character & with and in a PHP web form as the user types it rather than after submitting the form?
PHP is on the server, it has no control over anything taking place under any circumstances what-so-ever on the client-side. It sends raw text from the web server, a 100megaton thermonuclear device explodes, and PHP never exists anymore after the content is sent. Just the document received on your client side remains. To work with effects on your client side, you need to work with JavaScript.
To do that, you would pick your favorite JavaScript library and add an event listener for "keyup" events. Replace ampersands with "and", and drop the replacement text back in the box. mugur has posted an answer that shows you how to do this.
This is a horrible solution in practice because your users will be screaming for bloody justice to deliver them from such an awful user experience. What you've ended up doing is replacing the input text with something they didn't want. Other search tools do this, why can't yours? You hit backspace, then what? When you hit in the text, you probably lose your cursor position.
Not only that, you're treating a symptom rather than the cause. Look at why you're doing this:
The reason is when & is inserted into our database our search engine flips out and replaces it with & which then returns an incorrect result (i.e. not the result that included &).
No, your database and search engine do no such thing as "flipping out". You're not aware of what's going on and try to treat symptoms rather than learn the cause and fix it. Your symptom cure will create MORE issues down the road. Don't do it.
& is an HTML Entity Code. Every "special" charecter has one. This means your database also encodes > as > as well as characters with accents in them (such as French, German, or Spanish texts). You get "Wrong" results for all of these.
You didn't show any code so you don't get any code. But here's what your problem is.
Your code is converting raw text into HTML Entity codes where appropriate, you're searching against a non-encoded string.
Option 1: Fix the cause
Encode your search text with HTML entities so that it matches for all these cases. Match accent charecters with their non-accented cousins so searching for "francais" might return "français".
Option 2: Fix one symptom
Do a string replace for ampersands either on the client or server side, your search breaks for all other encodings. Never find texts such as "Bob > Sally". Never find "français".
Before submitting the form you'd need to use JavaScript to change as the user types it in. Not ideal since JS can be turned off.
You'd be much better to "clean" the ampersands after submitting but before inserting into the database.
A simple str_replace should work:
str_replace(' & ',' and ', $_POST['value']);
But as others have pointed out, this isn't a good solution. The best solution would be to encode the ampersands as they go into the database (which seems to be happening just now), then modify your search script to allow for this.
You can do that as they complete the form with jquery like this:
$('#input').change(function() { // edited conforming Icognito suggestion
var some_val = $('#input').val().replace('&', 'and');
$('#input').val( some_val );
});
EDIT: working example (http://jsfiddle.net/4gXZW/13/)
JS:
$('.target').change(function() {
$('.target').val($('.target').val().replace('&', 'and'));
});
HTML:
<input class="target" type="text" value="Field 1" />
Otherwise you can do that in PHP before the insert sql.
$to_insert = str_replace("&", "and", $_POST['your_variable']);
<tr>
<td>
<b>Escalation:
</td></b>
<td>
<TextArea name='escalation' onKeyDown=\"limitText(this.form.escalation,this.form.countdown,100);\"
onKeyUp=\"limitText(this.form.escalation,this.form.countdown,100);\">$Text</textarea>You have <input readonly type=\"text\" name=\"countdown\" size=\"3\" value=\"100\"> characters left.
</td>
</tr>
That is a excerpt of the code im trying to use. Basically I'm trying to fill the text area with a value stored in a php variable, which comes from a SQL database. the Javascript functions limit the amount of text in a block to 100 Chars.
Problem is that it fills whatever space isnt used in the initial value with spaces! I printed the $Text between two quotes so I would know for a fact it doesnt have spaces in the database, which it doesnt. You can also clearly see that I dont have any space at all between the textarea tags so that isnt the issue that I see other posters have.
Any ideas?
Yes, I have seen that behavior before. Check to see if the column that you are reading the value from in the database is of type "CHAR" or type "VARCHAR". It is more efficient to always use fixed-length (CHAR) over variable-length (VARCHAR) field types, so databases are sometimes designed that way. The down side is that shorter data stored in those fields is always padded with spaces.
The solution: You probably have a line in your PHP that looks something like this:
$Text = $row['text'];
Change that line to the following:
$Text = trim($row['text']);
The 'trim' function will strip leading and trailing spaces. If you are using fixed length fields, remember that you will HAVE TO pad the values that you write to the database as well. That means that you will have to add leading spaces to the string to be written to the database to make the then proper length for fixed-width field.
I have made one form in which there is rich text editor. and i m trying to store the data to database.
now i have mainly two problem..
1) As soon as the string which contents "#"(basically when i try to change the color of the font) character, then it does not store characters after "#". and it also not store "#" character also.
2) although i had tried....in javascript
html.replace("\"","'");
but it does not replace the double quotes to single quotes.
We'll need to see some code. My feeling is you're missing some essential escaping step somewhere. In particular:
As soon as the string which contents "#"(basically when i try to change the color of the font) character
Implies to me that you might be sticking strings together into a URL like this:
var url= '/something.php?content='+html;
Naturally if the html contains a # symbol, you've got problems, because in:
http://www.example.com/something.php?content=<div style="color:#123456">
the # begins a fragment identifier called #123456">, like when you put #section on the end of a URL to go to the anchor called section in the HTML file. Fragment identifiers are purely client-side and are not sent to the server, which would see:
http://www.example.com/something.php?content=<div style="color:
However this is far from the only problem with the above. Space, < and = are simly invalid in URLs, and other characters like & will also mess up parameter parsing. To encode an arbitrary string into a query parameter you must use encodeURIComponent:
var url= '/something.php?content='+encodeURIComponent(html);
which will replace # with %35 and similarly for the other out-of-band characters.
However if this is indeed what you're doing, you should in any case you should not be storing anything to the database in response to a GET request, nor relying on a GET to pass potentially-large content. Use a POST request instead.
It seems that you are doing something very strange with your database code. Can you show the actual code you use for storing the string to database?
# - character is a common way to create a comment. That is everything starting from # to end of line is discarded. However if your code to store to database is correct, that should not matter.
Javascript is not the correct place to handle quote character conversions. The right place for that is on server side.
As you have requested....
I try to replay you... I try to mention exact what I had done...
1) on the client side on the html form page I had written like this..
html = html.trim(); // in html, the data of the rich text editor will come.
document.RTEDemo.action = "submit.php?method='"+ html.replace("\"","'") + "'";
\\ i had done replace bcz i think that was some problem with double quotes.
now on submit.php , my browser url is like this...
http://localhost/nc/submit.php?method='This is very simple recipe.<br><strong style='background-color: #111111; color: #80ff00; font-size: 20px;">To make Bread Buttor you will need</strong><br><br><blockquote><ol><li>bread</li><li>buttor</li></ol></li></blockquote><span style="background-color: #00ff80;">GOOD.</span><br><br><br><blockquote><br></blockquote><br>'
2) on submit.php ........I just write simply this
echo "METHOD : ".$_GET['method'] . "<br><br>";
$method = $_GET['method'];
now my answer of upper part is like this...
METHOD : 'This is very simple recipe.
now i want to store the full detail of URL....but its only storing...
This is very simple recipe.