I used the jquery function serialize() for a form, made an ajax call, and use php to do the form processing.
I have a textarea in that form where users type uses spaces and line breaks. I can access the values with $_POST, but its doesnt interpret the line breaks into html <br/ > tags. Is there a function that converts line breaks the urlencoded string into <br/> tags and other html tags? Or is everything already decoded by the time i access it with $_POST that i cant do anything with it?
Use nl2br($text); (new-line to break-rule)
Are you sure you are using nl2br() while echoing textarea's value ?
edit: too late:P
in PHP you have a function to add <br> before any new line : nl2br()
You should use it only when you print the text in the textarea with echo, not for storing in your Database.
You also can find a use of addslashes() to avoid any problems with the caracteres ' and " in your textarea
Alternatively, if you don't want to apply html tags into the value, you can later display the line spacing correctly by applying the CSS white-space property into the element where the text appears, and setting it to pre or something similar. For more information check out the documentation on it on w3schools.
Related
i'm working with a form one of its fields is an RTF textarea (jWYSIWYG), that is autofilled with some database information at the load of the page, all that using Symfony framework. This RTF editor can add some html tags like <p>,<b>, etc.
The trouble starts when i try to know if the textarea has been modified before sending the form: what i get from the $request is that all the html tags are coded like <p>,<b>, etc. I tryed to replace that expressions with the < and > characters so i can compare it to the stored data.
$codes = array('>','<');
$chars = array('<' ,'>' );
return str_replace($codes,$chars,$text);
but this function returns me the same array i pass as parameter of the str_replace function. What am I doing wrong? have anyone had the same problem?
Try this function instead of str_replace: http://www.php.net/manual/en/function.htmlspecialchars-decode.php
Finally discovered the problem. Was not about the html tags! the problem is (i dont know why) the jWYSIWYG adds about 24 white spaces at the end of the field, so obvously, the comparation between stored and new data results different.
i simply deleted the final whitespaces of the input this way:
$text = rtrim($text);
I created a form where users can enter html code and it outputs their code in another textarea. The problem is that if the html the user enters has a textarea in the code, the in their code breaks my textarea form. I see other sites display any html correctly so how is this done without breaking the form and allowing the user to copy it so that it still remains as and not some converted code so they can paste it on their webpage?
Ah crap yeah I figured it out, in fact the problem wasn't with the htmlspecialchars code alone I forgot to add a return to one of my functions haha. Thanks guys.
Represent characters that have special meaning in HTML using entities. Since you are using PHP, use htmlspecialchars
There are millions and millions of ways to do this. The easiest is to use htmlspecialchars or htmlentities on the user's input. This will make a visual </textarea> in the textarea box without closing it. This actually turns it into </textarea>. htmlspecialchars transforms less characters than htmlentities and usually makes more sense to use in a situation like this, but do your research.
strip_tags() is also a possibility.
You can also use a regular expression with PCRE, or even str_replace() or other string manipulation functions to strip off the textarea, convert the special characters, etc.
PECL also as a BB code extension you can use if you still want your users to be able to enter some for of tags to style their output.
<textarea><?php echo htmlentities($code); ?></textarea>
You have to transform the html code into symbols, so it is not treated as html.
Use the function htmlentities() on the textarea content before echoing it.
I have a php script, where the user inserts his name.
Users can insert anything they want, even things like <img src="....
I would like to save their input in a way it won't show any image (or any html).
I know it exists but I don't know what keywords to search in order to find what does it.
Use strip_tags($str).
http://php.net/strip_tags
htmlspecialchars() will encode the text so that the tags are not interpreted as HTML.
The easiest solution is the PHP function strip_tags(), which does exactly what the name suggests, and strips HTML tags from a string.
The other alternative is to 'escape' the input, so that HTML characters such as < and > are converted into displayable text. This would result in the HTML code being displayed.
You would do this with the function htmlentities().
It's worth pointing out that the input may contain HTML characters without actually intending to be HTML. The & character is a HTML reserved character, but can also be found in normal text. > and < are less commonly used in normal text, but still possible. All of them may cause problems when displayed on your page, without necessarily being actual HTML code.
The solution to this is as above, to escape the string using htmlentities(). You may want to run striptags() first, but you should also run htmlentities() as well, to ensure that the string is displayed correctly.
Hope that helps.
I'm having a strange problem in that I have php inserting text into a <textarea> and the <textarea> is adding one white space to the top of my text.
I created an example page to display the problem... here it the code behind the page.
<textarea style="width:600px;height:100px;"><?php get_film_info('main description'); ?></textarea>
<br>
<textarea id="mainDescription style="width:600px;height:100px;">Text just typed in</textarea>
<br>
<?php get_film_info('main description'); ?>
You can see that without the <textarea> tag, the text does not include the indent. My database also reflects no indent, as well as the php output outside of the <textarea>...
Any clue what could be going on?
the sample page
Edit: You were all right, of course I didn't bother checking the source code of the output file. Turns out when I was adding the data (via ajax) I was sending my data like var data = '&main_description= ' + mainDescription. Notice the space between the "=" and the "+".
Thank you all for your input, gotta just give the check mark to the guy on the top of the list.
Try this:
trim(get_film_info('main description'));
Your text has space at beginning!
I don't know what function 'get_film_info' returns but it returns with space!
There's definitely a space in the beginning and one at the end, as can be seen in the page source. Perhaps get_film_info() is inadvertently injecting them.
There is a heading space in the return value of get_form_info(). Check the value of 'main description' in your database (or whereever it is being stored). If there isn't a heading space in the value itself, then get_film_inflo() is to blame.
A space does exist. Outside of the textarea, the browser does not interpret them, because a \n means nothing (it is interpreted in the source code only) in just regular text form. However, a \n inside a textarea represents a line break and is being interpreted as such.
To solve the problem you can always trim the value before outputting it.
I have a dynamic string from PHP that I encoded using htmlentities() so I can pass it on AJAX using jQuery and JSON. Now I got something like
{ "error": "false", "html": "<div id="user_add_title">Adding New User<div class="showhide-div"><a class="hideShowToggle" href="#" onclick="$('#account_title').show();$('#account').show();$('#users_container').html('')">[cancel]</a></div></div>" }
and when I want to show it in an AJAX success callback function like:
success: function(json) {
if(json.error == 'false')
$("#users_container").html(json.html);
else
showMsg(json.msg);
}
what's displayed in the is the entities itself
<div id="user_add_title">Adding New User<div class="showhide-div"><a class="hideShowToggle" href="#" onclick="$('#account_title').show();$('#account').show();$('#users_container').html('')">[cancel]</a></div></div>
instead of being rendered by the browser.
If I use html or text as dataType in my jQuery AJAX call, the tags are rendered properly. I want to use JSON because I need to catch if the process has an error or not.
You don't need to encode your own markup with htmlentities when passing it to jQuery. Simply remove the call to htmlentites() and send your marked up HTML.
The exception is, if some part of the code contains text supplied from the user. In this case, you must htmlencode() that text, and leave it encoded even when it's appended to a DOM element for display.
I have solved it! Instead of using PHP's htmlentities() which converts greater than and less than signs as well as the quotes, I just used addslashes() to only convert (or add backslashes) characters that need backslashing such as the quotes.
I figured out that the quotes were the ones causing the json not being parsed correctly, the reason why I used htmlentities in the first place, thinking that converting everything would solve it. Thanks for your valuable input.