I am having a hard time handling a form-submitted textarea where people put in line breaks when they hit enter in their address. For example:
<textarea name="address"></textarea>
I am using this to get the post
$address = mysql_real_escape_string(trim($_POST['address']));
They are entering 123 test <return>city,state.
Then after they submit, in the mysql database the address is showing 123 testnrcity state
So how can I handle this?
Thanks!
Use nl2br?
$address = mysql_real_escape_string(trim(nl2br($_POST['address'])));
HTH :)
Have you checked what's in your database field? Just show the database contents with phpMyAdmin or a similar tool. The line break can either be a line break character or two characters: \n. If it's the latter, then your input probably was escaped twice. Or is it just "n". Then there is probably another escaping somewhere along the way. Do you use a database abstraction layer? Maybe it escapes the values too.
I was not able to resolve this the way I wanted to and just settled with using str_replace() to replace all "\r\n" stuff with a space...
I've tried many tests to make this work but can't seem to figure this one out!
A PHP code is called before it sends an email, it checks if placeholders have values in them, then adds them in email. Results I get are all on same line with no line breaks.
Can someone please tell me how to insert a line break in the code?
I've tried the linebreak br with single quotes and double in many places in the code, nothing is working. I've tried the echo code, I get errors.
Each placeholder starts with the IF statement and must end with the value}'; for each one. Where and how can I insert the line break between the IF and value}'; for each?
Thanks a million!
Results come out like this scapbooking20dancing35
instead of:
scapbooking
20
dancing
35
If you guys had to put a line break in this code, how does it go? Cheers.
if($_POST['form']['age'] != '') $modAdminEmailText .= '{age:caption}: {age:value}';
/* Retrieve the admin email text */
$modAdminEmailText = $form->AdminEmailText;
/*Checks if the field has a value and if so, add it to the Email Text*/
if($_POST['form']['hobby'] != '')
$modAdminEmailText .= '{hobby:caption}: {hobby:value}';
if($_POST['form']['age'] != '')
$modAdminEmailText .= '{age:caption}: {age:value}';
/*After the field placeholders are added we will need to replace them with the actual submitted values.*/
$adminEmail['text'] = $modAdminEmailText;
$adminEmail['text'] = str_replace($placeholders, $values, $adminEmail['text']);
Been there, done that. Here's what I think is going on.
I've tried the linebreak br ... with single quotes and double.. in many many places in the code, nothing is working.. I've tried the echo code, I get errors, 2 days now no sleep :(
Using <br> in your code will only work if you write the e-mail as HTML. Check the documentation for the e-mail library you use to see how you do that.
Now instead of using <br> you may want to use the \n or \r\n symbol. Beware that if you use that, you must enclose your string in double quotes: $somevar."\n"
Alternatively try to use PHP_EOL like this: $somevar. PHP_EOL
I'm not sure how these two methods behave when using string interpolation, but it's worth a try.
PHP Mysql CodeIgniter Converting characters to symbols in very bizarre circumstances
Application Built on CodeIgniter.
Has been running for over a year. No problems.
Client fills in a form about a customer.
A simple trim($_POST['notes']) captures textarea form field text and saves to MySQL
no error reported in PHP or JavaScript
The other day I noticed that some text the client has entered has had the brackets used in the text "()" replaced with the equivalent "&#40;&#41;"
I think... "That's strange... I don't recall any reason why those characters would have been replaced like that.!"
I take a look ... and a day later... here is my madness revealed:
The text in question is verbatim "
Always run credit card on file (we do not charge this customer for pick-up or return)
"
No matter what I did or changed on the code side.. I could not prevent the PHP... OR Javascript... Or MySQL... OR alien beings... - or whoever the heck is doing it - from converting the "()" in the text to "&#40;&#41;". And I tried many things like cleaning the string in all ways known to man or god. Capturing the string previous to sending just before saving to the database. And the conversion would always take place just before the save to MySQL. I tried posting in different forms and fields... Same thing every time... could not stop the magic conversion to "&#40;&#41;".
What in the name of batman is in this magical text that is causing this to happen?? is it magic pixie dust sprinkled on to godaddy server it is running on??? 0_o
.......
Being the genius that I am 0_0 I decide to remove one word from the paragraph at a time.
Magically... as all the creatures of the forest gathered around - as I finally got to the word "file" in the paragraph, and removed it !!! Like magic - the "()" stay as "()" and are NOT converted to "&#40;&#41;"?!?!???!?!? :\ How come?? I simply removed the word "file" from the text... How could this change anything?? What is the word "file" causing to change with how the string is saved or converted??
OK - So I tested this out on any and every form field in the app. Every single time, in any field, if you type the word "file" followed by a "(" it will convert the first "(" to "&#40;" and the very next ")" to "&#41;"
So.. if the string is:
"file ( any number of characters or text ) any other text or characters"
On post, it will be converted mysteriously to:
"file &#40; any number of characters or text &#41; any other text or characters"
Remove the word "file" from the string, and you get:
"( any number of characters or text ) any other text or characters"
The alien beings return the abducted "()"
Anyone have a clue what the heck could be going on here?
What is causing this?
Is the word "file" a keyword that is tripping some sort of security measures? Interpreting it as "file()"???
I dunno :\
It's the strangest thing I ever saw... Except for that time I walked in on Mom and Dad 0_o
Any help would be greatly appreciated, and I will buy you a beer for sure :)
The very large headed, - (way too much power for such tender egos) -, Noo-Noos here at stack have paused this question as "Off topic" LOL... honest to God these guys are so silly.
So - in an effort to placate the stack-gestapo - I will attempt to edit this question so that it is... "on topic"??? 0_o ... anything for you oh so "King" Stack Guys O_O - too bad you would never have the wit to ever notice such a bug... maybe some day. ;)
Sample code:
<textarea name="notes">Always run credit card on file (we do not charge this customer for pick-up or return) blah blah</textarea>
<?php
if (isset($_POST['notes'])) {
    // Bind the ID through the query builder instead of concatenating it into the WHERE clause
    $this->db->where('ID', $_POST['ID']);
    $this->db->update('OWNER', $_POST['notes']);
}
?>
Resulting MySQL storage:
"Always run credit card on file &#40;we do not charge this customer for pick-up or return&#41; blah blah"
InnoDB - Type text utf8_general_ci
I am not looking for a way to prevent it, or clean it... I am clearly asking "What causes it"
/*
* Sanitize naughty scripting elements
*
* Similar to above, only instead of looking for
* tags it looks for PHP and JavaScript commands
* that are disallowed. Rather than removing the
* code, it simply converts the parenthesis to entities
* rendering the code un-executable.
*
* For example: eval('some code')
* Becomes: eval&#40;'some code'&#41;
*/
$str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2&#40;\\3&#41;", $str);
This is the part of XSS Clean. (system/core/Security.php)
If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:
$config['global_xss_filtering'] = TRUE;
https://www.codeigniter.com/user_guide/libraries/security.html
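The rewrite described in this answer can be reproduced outside CodeIgniter. The following is an added example, not code from the question or from CodeIgniter: it applies the quoted pattern, with the parentheses replaced by the entities `&#40;` and `&#41;` as the comment describes, to text based on the question, and shows the alternative of storing the text unchanged and encoding it only on output. The function names are hypothetical.

```php
<?php
// Added example: reproduces the parenthesis rewrite quoted above, outside CodeIgniter.
// neutralize_calls() and render_note() are hypothetical names used for illustration.

function neutralize_calls(string $str): string
{
    // Same keyword list as the quoted filter. "file" followed by "(...)" matches
    // even in ordinary English: \s* allows whitespace before the "(" and there is
    // no word boundary in front of the keyword.
    $pattern = '#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen'
             . '|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si';
    return preg_replace($pattern, '\\1\\2&#40;\\3&#41;', $str);
}

function render_note(string $raw): string
{
    // Keep the stored text raw and encode once, at output time, for the HTML context.
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs based on the text in the question.
$samples = [
    'Always run credit card on file (we do not charge this customer for pick-up or return)',
    'Always run credit card on record (we do not charge this customer for pick-up or return)',
    'See profile (updated) <b>today</b>',
];

foreach ($samples as $s) {
    $filtered = neutralize_calls($s);
    echo ($filtered === $s ? 'unchanged: ' : 'rewritten: '), $filtered, PHP_EOL;
}

// Output encoding leaves the parentheses alone and neutralises the markup instead.
echo render_note($samples[2]), PHP_EOL;
```

The third sample shows that the keyword also matches inside a longer word such as "profile", which is why the effect appears in free-text fields.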
try something like this
$this->db->set('OWNER', $_POST['notes'],FALSE);
$this->db->where('ID ', $_POST['ID']);
$this->db->update('table_name');
Man, I think it is in your server. If you're using WAMP, try to check whether you have mis-installed some arguments in xhtml. This is my idea; it's related to my experience in CodeIgniter. Hope you will respond if you want some advice.
Use utf8 encoding to store these values.
To avoid injections use mysql_real_escape_string() (or prepared statements).
To protect from XSS use htmlspecialchars.
However, not sure what the issue is in your case.
Probably try using some other sql keywords in the string and verify the solution.
Try replacing the &#40; and the &#41; with ( and ) using str_replace
If you are storing &#40; and &#41; in your database then you should try replacing it on output; if not, try and replace it before input.
I'm not sure if this would work, but you could try inserting a slash in or before the word 'file':
fi\le ( any number of characters or text ) any other text or characters
I use stripslashes in PHP but I did not get the exact solution. I have mentioned below what I used in my code:
For example, if I have a value in the table like suresh\'s kuma\"r
I am trying to display the value in the following three formats but none of them gives the exact value
1) value=<?=stripslashes($row[1])?> //output is suresh's
2) value='<?=stripslashes($row[1])?>' //output is suresh
3) value="<?=stripslashes($row[1])?>" //output is suresh's kuma
But the exact output I need is suresh's kuma"r
Let me know how to resolve this issue?
The issue has nothing to do with stripslashes. If I guess correctly, the problem lies in the fact that in your examples quotes break the html field attribute;
I'll show you by manually echoing out your $row content as per your infos:
value=sures kumar --> leads to browser to interpret this as value="sures" kumar
value='suresh'khumar --> well, same story value='sures' khumar
value="Suresh"Khumar -->what can I say...you know the drill
Escaping the quotes won't affect html, since backslashes have no meaning in html.
Both value="Suresh" and value="Suresh\" will work fine for the browser, but your name will always be interpreted by the browser as some unknown attribute, leaving only the first part inside the value.
What you might do, instead, is apply htmlentities($row[1],ENT_QUOTES) so that they get converted to the equivalent entity (&quot;, for ex.) and not break your value attribute. See manual.
Another issue is that you shouldn't be having backslashes in your database in the first place; this might be due to the presence of magic_quotes enabled in your provider, or you passing manually addslashes() or other wrong trickery. If you want to insert into a database values containing quotes, use the escaping mechanism provided by your database driver (mysql_real_escape_string() in mysql, for ex.), or better tools (prepared statements with query bindings).
You should first get rid of all the slashes using that stripslashes and re-saving back the content; but slashes or not, the issue would appear again if you don't format that appropriately for your html, as I showed above.
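The attribute breakage described in this answer, as an added example that is not part of the original answer: the same name is placed into a value attribute raw and with ENT_QUOTES encoding, and the markup is parsed back to show what ends up in the field. The helper names and the `name="name"` attribute are assumptions made for illustration.

```php
<?php
// Added example: why the quotes truncate the value, and the encoded form.
// input_raw(), input_encoded() and attribute_value() are hypothetical helpers.

function input_raw(string $value): string
{
    // Unsafe form: the value is pasted into the attribute unchanged, so a
    // double quote inside it ends the attribute early.
    return '<input type="text" name="name" value="' . $value . '">';
}

function input_encoded(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so the value stays intact whichever
    // quote character delimits the attribute.
    return '<input type="text" name="name" value="'
         . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

function attribute_value(string $html): ?string
{
    // Parse the markup with an HTML parser and read back the value attribute.
    libxml_use_internal_errors(true);   // the raw form is malformed on purpose
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : null;
}

// Constructed sample: the name from the question, stored without backslashes.
$name = 'suresh\'s kuma"r';

printf("raw markup     : %s\n", input_raw($name));
printf("  parsed value : %s\n", attribute_value(input_raw($name)));
printf("encoded markup : %s\n", input_encoded($name));
printf("  parsed value : %s\n", attribute_value(input_encoded($name)));
```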
Are you sure you want stripslashes instead of addslashes? Is the purpose to quote the " characters?
I have a form where a user types paragraphs into a text area and then it takes them to another page after they submit. How can I pass whatever they typed to the page after they submit? The text area might have linebreaks and if I use a query string to pass the data, it gives me an error. This is my current code to pass the field:
<?php
if(isset($_POST['form']))
{
$title = $_POST['title'];
$body = $_POST['body'];
header("SubmitForm.php?title=$title&body=$body");
?>
<html>
...html form...
It doesn't work when the text area has line breaks in it.
I would suggest installing a wysiwyg editor to make this easier for you, but I assume that would add some time for the learning curve.
The simplest tips I can give you is to set a CSS attribute for your textarea: white-space:pre so that when it gets submitted, all line breaks get sent as well.
On your server side, you would need to use the nl2br() function, so that when it gets saved on your DB or wherever you store them, all line breaks are converted to HTML breaks.
For your additional reference, I had a similar question like this last year.
You really shouldn't be putting anything that long in a query string in the first place. Look into using sessions to store data across pages instead.
(This is assuming I understood the question right)
urlencode the data in order to pass it via query string.
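The encoding suggested in this answer, applied to the redirect from the question, as an added example that is not code from the thread. It builds the query string with `http_build_query()` so that line breaks and `&` inside the text survive, and checks that the resulting header value contains no raw CR/LF; `redirect_target()` and `is_safe_header_value()` are hypothetical helper names.

```php
<?php
// Added example: build the redirect from the question so that multi-line text survives.
// SubmitForm.php is the page named in the question; the helpers are hypothetical.

function redirect_target(string $page, array $fields): string
{
    // http_build_query() percent-encodes every value, so CR/LF become %0D%0A and
    // "&" or "=" inside the text cannot split or add parameters.
    return $page . '?' . http_build_query($fields, '', '&', PHP_QUERY_RFC3986);
}

function is_safe_header_value(string $value): bool
{
    // A raw CR or LF in a header value would start a new header line;
    // PHP's header() refuses such values.
    return strpbrk($value, "\r\n") === false;
}

// Constructed sample input, as a textarea would submit it.
$title = 'My review';
$body  = "First paragraph.\r\nSecond paragraph & more=text";

$unencoded = "SubmitForm.php?title=$title&body=$body";   // what the question builds
$encoded   = redirect_target('SubmitForm.php', ['title' => $title, 'body' => $body]);

var_dump(is_safe_header_value($unencoded));
var_dump(is_safe_header_value($encoded));
echo $encoded, PHP_EOL;

// The receiving page gets the original text back, line breaks included.
parse_str(parse_url($encoded, PHP_URL_QUERY), $received);
var_dump($received['body'] === $body);

// In the form handler the redirect itself would then be:
// header('Location: ' . $encoded);
// exit;
```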
So I need the user to write a review about an article or book and send it to a DB via PHP, but with some basic HTML formatting. I mean, I have a form; when the user writes the review, the data is sent but without any kind of formatting. If the user wants to write on a new line, the text is sent like plain text. I need to get those new line breaks and simple stuff as well.
I know how to use PHP and DB connection, I just need to know how to get those new line breaks and stuff.
Use nl2br
Just before printing on the screen data from DB. It replaces \n (new line) as <br>
I recommend storing the data as plaintext, and adding the formatting on the way out. This way if you want to change the way it is formatted then you don't have to update every row in the database.
You can use nl2br() if you just need the newlines to be formatted, and a search-and-replace for anything else.
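One way to do what this answer recommends, as an added example that is not part of the original answer: the review is kept as plain text and turned into HTML only when it is rendered. It also shows why the order of encoding and `nl2br()` matters; `render_review()` and `render_wrong_order()` are hypothetical names.

```php
<?php
// Added example: store the review as plain text, format it when rendering.
// render_review() and render_wrong_order() are hypothetical helper names.

function render_review(string $stored): string
{
    // Normalise line endings first so \r\n, \r and \n all behave the same.
    $text = str_replace(["\r\n", "\r"], "\n", $stored);
    // Encode for HTML first, then add the <br> tags. User-typed markup is
    // displayed as text and only the tags added here are live.
    $html = nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'), false);
    return '<p>' . $html . '</p>';
}

function render_wrong_order(string $stored): string
{
    // For comparison only: with nl2br() applied before encoding, the <br> tags
    // themselves are encoded and show up as literal text on the page.
    return '<p>' . htmlspecialchars(nl2br($stored, false), ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample: text exactly as a textarea would submit it.
$review = "Great book.\r\nChapter 3 covers <script> tags & \"quotes\".";

echo render_review($review), PHP_EOL, PHP_EOL;
echo render_wrong_order($review), PHP_EOL;
```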
Have you considered using an existing 'plain text to markup' solution, like Markdown?
It (and others like it) allow your users to write plaintext reviews that will be sensibly formatted. (like stackoverflow uses!)
The PHP function nl2br() basically takes every new line your user enters via the form and converts the new line code to a <br> tag.
An example of using this would be:
$text = nl2br("This is text \nThis is a new line of text");
This would create the following code in your database:
This is text<br>This is a new line of text
When the user hits enter in the form textarea, PHP will pick this up as \n.