Basically, I want to to something similar as to what mybb does in php, where they will output code between [code][/code] tags as highlighted text. Obviously I will need some regular expressions, but what's the key to outputting all php code as plain text, especially after stored in a db.
Edit: not just php code but all code as plain text
IMO, the easiest way would be to:
1) Read your text into a string
2) Optionally, run htmlspecialchars()
3a) echo() the string
3b) be sure to add <pre> and </pre> tags before and after the string
Related
Any ideas why formatted text from DB, when echo-ed out in php loses its formatting, i.e. no new lines? Thanks!
Use nl2br().
New lines are ignored by browser. That's why you see all text without line breaks. nl2br() converts new lines to <br /> tags that are displayed as new lines in browsers.
If you want to display your text in <textarea>, you don't need to convert all new lines to <br />. Anyway, if you do it... you will see "<br />"s as text in new lines places.
Because there are no html tags for formatting!
Try the nl2br function.
You could try add nl2br() function...
something like this: echo nl2br($your_text_variable);
It should work ;-)
The reason
This is the default behavior for all user agents. If you look at the page source, you'll see that your text has the same formatting like the one in the database (or textarea).
The reason of your confusion is probably that you once see the text in the <textarea> tag, which displays preformatted text, does not interpret the tags, and in the other case the text is interpreted (whitespace is not important in this case).
The browsers don't display new lines, unless specifically asked for - using <br> tag or any block level tags.
No tags == no new lines.
The fix
If you store preformatted text in the database,
you should wrap the output in the <pre> tag.
You may want to convert the formatting characters to the HTML tags you need using set of functions like nl2br, str_replace etc.
You may also correct your structure to store the HTML in the database instead of just plain text (however markup looks like a better solution).
See similar question:
How do I keep whitespace formatting using PHP/HTML?
The difference between the two images you show is that one has the text in a <textarea></textarea> and the other does not ... if you want 1:1: <textarea><?php echo $yourVariable;?></textarea>
It does output what you say to output. If the text is pre-formatted, put it inside the HTML <pre></pre> tag in your output script.
This should be helpful in answering.
How do I keep whitespace formatting using PHP/HTML?enter link description here
Set up a string preprocessing code for both input to database and output to display page
I'm using imap from php and retrieving a message. The contents can either be html or plain text. When html is available, I resort to using the html contents for displaying. However, if html text is not available, than I must use the plain text for rendering messages to the user.
My question is, when I display the plain text, it comes as one jarbled paragraph. I'd like to figure out how to format the plain text into a viewable fashion. This could just be a multipart issue, and the parts together form one jarbled paragraph. If so, what should I do? Erase the parts that are not the most recent? Is there a way to format the plain text regalrdess
Thanks
You can enclose the text in <pre> tags to preserve the formatting
You can also use nl2br to insert <br /> before all new lines
Currently finalising the coding for my comment system, and it want it to work a little how Stack Overflow works with their posts etc, I would like my users to be able to use BOLD, Italic and Underscore only, and to do that I would use following:
_ Text _ * BOLD * -Italic-
Now, firstly I would like to know a way of stripping a comment completely clean of any tags, html entities and such, so for example, if a user was to use any html / php tags, they would be removed from the input.
I am currently using Strip_tags, but that can leave the output looking quite nasty, even if an abusive or blatent XSS/Injection attempt has been made, I would still like the plain-text to be outputted in full, and not chopped up as strip_tags seems to make an absolute mess when it comes to that.
What I will then do, is replace the asterisks with bold html tags, and so on AFTER stripping the content clean of html tags.
How do people suggest I do this, currently this is the comment sanitize function
function cleanNonSQL( $str )
{
return strip_tags( stripslashes( trim( $str ) ) );
}
PHP tags are surrounded by <? and ?>, or maybe <% and %>on some ages-old installations, so removing PHP tags can be managed by a regex:
$cleaned=preg_replace('/\<\?.*?\?\>/', '', $dirty);
$cleaned=preg_replace('/\<\%.*?\%\>/', '', $cleaned);
Next you take care of the HTML tags: These are surrounded by < and >. Again you can do this with a regex
$cleaned=preg_replace('/\<.*?\>/','',$cleaned);
This will transform
$dirty="blah blah blah <?php echo $this; ?> foo foo foo <some> html <tag> and <another /> bar bar";
into
$cleaned="blah blah blah foo foo foo html and bar bar";
You could try using regular expressions to strip the tags, such as:
preg_replace("/\<(.+?)\>/", '', $str);
Not sure if that's what you're looking for, but it will remove anything inside < and >. You can also make it a little more foolproof by requiring the first character after the < to be a letter.
The correct way is not to delete html tags from your user's comment, but to tell the browser that the following text should not be interpreted as HTML, Javascript, whatever. Imagine someone wants to post example code like we do here on stackoverflow. If you just bluntly remove any parts of a comment that seem to be code, you will mess up the user's comment.
The solution is to use htmlentities which will escape symbols used for html markup in the comment so that it will actually show up as just text in the browser.
For example the browser will interpret a < as the beginning of a html tag. if you just want the browser to display a <, you have to write < in the source code. htmlentities will convert all the relevant symbols into their html entities for you.
Longer Example
echo htmlentities("<b>this text should not be bold</b><?php echo PHP_SELF;?>");
Outputs
<b>this text should not be bold</b><?php echo PHP_SELF;?>
The browser will output
<b>this text should not be bold</b><?php echo PHP_SELF;?>
Consider the following real life example with the solution, you accepted. Imagine a user writing this comment.
i'm in a bad mood today :<. but your blog made me really happy :>
You will now do your preg_replace("/\<(.+?)\>/", '', $comment); on the text and it will remove half the comment:
i'm in a bad mood today :
If that's what you wanted, never mind this answer. If you don't, use htmlentities.
If you want to save the comment as a file and not have the server interpret PHP code inside it, save it with an extension like '.html' or '.txt', so that the web server won't call the PHP interpreter in the first place. There is usually no need to escape PHP code.
Any ideas why formatted text from DB, when echo-ed out in php loses its formatting, i.e. no new lines? Thanks!
Use nl2br().
New lines are ignored by browser. That's why you see all text without line breaks. nl2br() converts new lines to <br /> tags that are displayed as new lines in browsers.
If you want to display your text in <textarea>, you don't need to convert all new lines to <br />. Anyway, if you do it... you will see "<br />"s as text in new lines places.
Because there are no html tags for formatting!
Try the nl2br function.
You could try add nl2br() function...
something like this: echo nl2br($your_text_variable);
It should work ;-)
The reason
This is the default behavior for all user agents. If you look at the page source, you'll see that your text has the same formatting like the one in the database (or textarea).
The reason of your confusion is probably that you once see the text in the <textarea> tag, which displays preformatted text, does not interpret the tags, and in the other case the text is interpreted (whitespace is not important in this case).
The browsers don't display new lines, unless specifically asked for - using <br> tag or any block level tags.
No tags == no new lines.
The fix
If you store preformatted text in the database,
you should wrap the output in the <pre> tag.
You may want to convert the formatting characters to the HTML tags you need using set of functions like nl2br, str_replace etc.
You may also correct your structure to store the HTML in the database instead of just plain text (however markup looks like a better solution).
See similar question:
How do I keep whitespace formatting using PHP/HTML?
The difference between the two images you show is that one has the text in a <textarea></textarea> and the other does not ... if you want 1:1: <textarea><?php echo $yourVariable;?></textarea>
It does output what you say to output. If the text is pre-formatted, put it inside the HTML <pre></pre> tag in your output script.
This should be helpful in answering.
How do I keep whitespace formatting using PHP/HTML?enter link description here
Set up a string preprocessing code for both input to database and output to display page
I have a html page stored in the mysql database. I get the html from the database and try to replace some of the inline javascript code from the html content. I tried using str_replace() but it does not replace the inline javascript code. I can replace other html content like divs but not inline javascript code.
How can I do find and replace the inline javascript code?
PHP should be seeing the entire HTML page as a big string, so in theory, it should be able to alter JS and HTML alike. Is it possible the string still has slashes, and your str_replace can't find the search criteria due to the slashes?
Try printing the entirety of the string to the screen to make sure, and if it does still have slashes, use a stripslashes($string) call to get rid of them.
You probably want to use a DOM parser to handle your webpage as a DOM structure, not a serialised string of HTML (where things like string replacement and regular expressions can be troublesome).