I am trying to strip certain characters and keywords from a php form and not having much luck.
What I want is to a modular filter list to remove urls and certain keywords. At the moment I just want to remove http links while keeping allowed domains. In this case example.com
<?php //Check whether the form has been submitted
if (array_key_exists('check_submit', $_POST)) {
//Converts the new line characters (\n) in the text area into HTML line breaks (the <br /> tag)
$_POST['Comments'] = nl2br($_POST['Comments']); //Check whether a
$_GET['Languages'] is set
}
//Let's now print out the received values in the browser
echo "<br />{$_POST['Comments']}<br /><br />";
}
else
{
echo "You can't see this page without submitting the form.";
}
?>
I always use:
$data = "<b> some text ///, test</b>"
htmlentities(strip_tags(mysql_real_escape_string($data)));
Hope that helps!
I am writing an application where a user enters text into a textbox inside a form and the text is stored in a SQL db inside a MEDIUMTEXT field. I am testing right now so the table only has 2 field "1" for the index and "2" for the stored text.
<form method="post" action="index.php" enctype="multipart/form-data" >
<h3>Input Text Here</h3>
<textarea name="text" cols="40" rows="6" ></textarea><br/>
<input type="submit" value="Submit" />
</form>
The stored text then is retrieved in another page and displayed.
<?php
$query = "SELECT * FROM test_table WHERE 1='1'";
$result = mysql_query($query);
if (!$result) die ("Database access failed: " . mysql_error());
$results = mysql_fetch_array($result, MYSQL_ASSOC);
echo $results['2'];
if(isset($_POST['text'])) {
echo printText($_POST['text']);
function printText($txt) {
if(!empty($txt)) {
return $txt;
} else {
return 'You didn\'t write anything.';
}
}
}
?>
The problem is that when the text is displayed all the carriage returns disappear and multiple paragraphs become one.
Can anybody guide me in the appropriate direction? Should I be using regular expressions looking for carriage returns and marking them up? Is there a less search intense method? I tried nl2br(), but I guess you need actual \n entries for it to work.
I am writing this for someone to easily update a "news blub" on their landing page without having to use a text editor and writing code.
Thanks!
I tried nl2br(), but I guess you need actual \n entries for it to
work.
nl2br is the function you need. From the manual:
Returns string with '<br />' or '<br>' inserted before all newlines
(\r\n, \n\r, \n and \r).
If a user submits data with carriage returns then you will be getting "actual" \n entries (or one of the others mentioned in the manual description). Ensure you are calling it whenever you are echoing the pertinent text.
I use ckeditor in admin panel but in user submit form use simple textbox so user can input text and submit. Problem is when user enter text in textarea with Line Breaks it saves as it in SQL. I want to add BR after each line in sql.
For Example User Submits:
![F.R.I.E.N.D.S.:
(F)ight for you.
(R)espect you.
(I)nvolve you.
(E)ncourage you.
(N)eed you.
(D)eserve you and
(S)tand by you.][1]![SCREENSHOT oF DB SAVE][2]
got saved in DB as it with next line showing in output. But I want to save in DB as:
F.R.I.E.N.D.S.:<br />
(F)ight for you.<br />
(R)espect you.<br />
(I)nvolve you.<br />
(E)ncourage you.<br />
(N)eed you.<br />
(D)eserve you and<br />
(S)tand by you.
I use nl2br but its not working on user submit form If I use nl2br on admin processing form then on those fields already added with ckeditor it adds two BR tags.
Code used on user submit form is:
<textarea name="content" id="content" cols="60" rows="10" class="span7"><?php if(isset($content)) { echo $content; } ?></textarea>
$content = trim($_POST["content"])
$content = mysql_real_escape_string($content);
$content = nl2br($content);
No processing is used on admin approval form where ckeditor used on textarea. Text output from DB appears without Line Breaks in a single line in ckeditor.
if I use nl2br while output on this form it works but adds double BRs on earlier text posted through ckeditor.
also tried $content = preg_replace("/\r\n|\r/", "<br />", $content); as suggested by some one on stackoverflow on similar question
pls suggest me some function for this problem.
also suggest If I need to use some function like htmlentities or stripslashes to process content before Inserting into SQL.
Just replace the new line \r\n, \r first, then trim it.
$content = preg_replace("/\r\n|\r/", "<br />", $_POST["content"]);
$content = trim($content])
Or:
$content = nl2br($_POST["content"]);
$content = trim($content)
Good luck.
You need to use nl2br for displaying the value, whenever you need it, not for saving it.
Ok, so I'm having a problem with a simple textarea. I'm using a kind of hidden page to easily encode some data using JSON. However, all of my text input is automatically being escaped somewhere and I don't know where. All of my $_POST variables are automatically run through the htmlentities() function when the script starts up, as seen below:
$ani->i->post = $this->clean($_POST, true);
function clean($values, $unset = false) {
if (is_array($values)) {
foreach ($values as $key => $value) {
$newkey = strtolower($key);
$return[$newkey] = $this->clean($value);
unset($values[$key]);
}
return $return;
}
return htmlentities($values);
}
I keep getting \' for all of my single quotes when I put the value back into the textarea.
I can't find anywhere where it would be adding slashes and I don't remember it being a feature that they were automatically added when you submit from a textarea, and if that was so, why would they not be returning back to a single quote when put back into the textarea? Do I really need to run variables through stripslashes() to get them back to their original form?
Edit: My 'test.php' file is as follows:
<h1>To Be Encoded:</h1>
<form action="/test" method="post">
<textarea name="encode" rows="20" cols="50"><?= html_entity_decode($ani->i->post['encode']) ?></textarea>
<input type="submit" name="submit" value="Encode It!" />
</form>
<h1>Encoded By JSON:</h1>
<textarea name="encoded" rows="20" cols="50"><?= json_encode(html_entity_decode($ani->i->post['encode'])) ?></textarea>
<?php
die();
?>
P.S. The die() is just there for compatibility with my framework.
I suppose Magic Quotes are turned on.
Turn them off ASAP! :)
I've just discovered the email-address-saving form on my website does not work on Opera and Internet Explorer (7 at any rate), and possibly other browsers. Works fine with Firefox. Unfortunately I'm not a developer and no longer have any contact with the guy who wrote the code for the form so I've no idea how to fix it. I assume the problem has something to do with the code below:
<?php
$str = '';
if (isset($_POST['submit']))
{
if(!eregi("^[[:alnum:]][a-z0-9_.-]*#[a-z0-9.-]+\.[a-z]{2,4}$", $_POST['email'])) {
$str = "<span style='color: red'>Not a valid email address</span>";
} else {
$file = 'emails.txt';
$text = "$_POST[email]\n";
if (is_writable($file)) {
if (!$fh = fopen($file, 'a')) {
exit;
}
if (fwrite($fh, $text) === FALSE) {
exit;
}
fclose($fh);
}
header('Location: thankyou.html');
}
}
?>
and then the body bit:
<form action="index.php" method="post">
<input type="text" name="email" style="width: 250px;" />
<input type="image" src="img/button-submit.png" name="submit" value="Submit" style="position: relative; top: 5px; left: 10px" />
</form>
<?php echo $str ?>
Anybody feeling pity for a helpless non-dev and have an idea what's not working here?
This is being caused by the fact that the submit input is of type 'image'. On submit, IE7 only returns the x and y coords of the click.
This should do the trick:
Replace:
if (isset($_POST['submit']))
With:
if (isset($_POST['submit']) || isset($_POST['submit_x']))
It is a browser based issue
in your form, you have used <input type="image" />
IE doesn't pass name/value pairs for image type input, instead it only sends the key_x/value_x and key_y/value_y pairs
you probaly want to use <input type="submit" /> as replacement/addition, since this is completely supported on all types of browsers (think also about text browsers please, i still use them.)
Unfortunately, the error, if any at all, is going to be between the Browser and the server, not PHP. If you could provide some details like the HTML form that isn't working in IE7, then we may be able to help out more.
Your form element is self-closed. Remove the trailing / in the opening tag and it should work. (Er, it might work. Either way, there shouldn't be a trailing slash.)
Assuming that the php in your code is in the same file as the form ... you might try adding the name of your php file to the form's action.
<form action="" method="post">
... becomes ...
<form action="name_of_php_file" method="post">
Include a hidden field in your form that will only be valid and present if you submit the form. Something like:
<input type="hidden" name="checkemail" value="1" />
Then, in your PHP, change the if-condition to check for this particular variable:
<?php
$str = '';
if (isset($_POST["checkemail"]))
{
//-- rest of your code
}
?>
This will allow you to keep the image as the submit button and work across browsers which differ in how they send the value, if at all, of the name of image type buttons.
I know this doesn't fix your problem, but I don't like the line:
$text = "$_POST[email]\n";
Is that not bad practice? I haven't used PHP for years, but I think you should change it to
$text = $_POST['email'] . "\n";
or something like that. Using $_POST[email] without the quotes around the array key causes PHP to first look for a constant named 'email'. Only after not finding it will it convert email to a string and then pull the value out of the associative array. Just wasted CPU power.