HI,
I am creating on comments form where users will be commented and will be stored in the MYSQL database. The problem what I am facing is, it is stored as the single line in the database. It should be stored with exact format how user is entered in the form(like new lines and everything). I am using PHP to store it in the MySQL db.
First store it as text or longtext. Second, when showing the comment, use a function like nl2br to convert newlines to html <br> elements. This way, linebreaks are preserved.
Your text is stored just fine in the database if you are putting it into a long enough text-type field (e.g. TEXT), including the newlines in the user input.
Your problem is how to display the text formatted the way the user was seeing it when entering it. This is a more generic problem, and it only has to do with how HTML treats whitespace.
One approach would be to call nl2br on the comments, as Ikke says. This would replace all newlines (which the browser disregards) with <br> tags which have a visible effect on the rendered output.
Another option would be to put the text inside a <pre>...</pre> tag. This will force the browser to render it with whitespace preserved.
It's really up to what's more convenient/suitable for you.
Update: Just to be clear: do not modify the user input before inserting it in the database (unless it's part of your input validation, like e.g. stripping HTML tags from the input). Store it in an "untouched" format, and only do some processing on it before you output the data. This way, you always have the option of performing the correct processing if your output channel changes in the future (e.g. export comments to a text file vs displaying them as HTML).
you can store the comments in the same form in the mysql database. one difference would be when you retrieve the comments that has new line your code should look for \r\n and interpret it.. and also when you insert the data in mysql you will have to escape ' and \ characters from the comment.
Related
I would like to save some text to my database which can be entered by the client with PHP and MySQL. Lets say I have a textarea and I want to save the exact layout, how the client entered the text.
By exact layout I mean:
Exact spaces
Exact linebreaks
After that I want to display it to them in the same format. Of course any HTML JS tags will be wiped out when we're outputting the text.
It's a good practice to store the original text in the database but render the filtered text.
You can change the linebreaks to HTML with nl2br() and use htmlentities() function to prevent XSS vulnerability.
You could display the text in a HTML
<pre>
Element.
I have a website in which a user enters text into an html form. The nature of the content is such that it is likely the user will want to write multiple paragraphs. As it stands now, the form sends the text via POST to a PHP file which inserts the text into a database. On another page, the text is pulled from the database and displayed. When it is displayed, all user formatting is gone. Multiple spaces and line breaks are deleted. How can I save the formatting of the user? Instructing him to use HTML tags to format is not feasible for a couple of reasons. I have also considered the
<pre>
tag, but that creates layout-breaking long lines of text and changes the font.
Any help is very much appreciated.
I'm assuming you're dealing with just a bunch of plain text entered into a textarea, not some fancy HTML editor as the other answerer assumed.
The reason your line breaks are lost is that HTML doesn't treat line breaks as line breaks. Line breaks are treated as just another space. Only <br> is treated as a line break. (Or <br /> in XHTML) If this is what's happening, you can use the nl2br() function to convert all line breaks into <br>.
Multiple spaces are more difficult. HTML doesn't distinguish between one space and many spaces. Spaces, tabs, line breaks, or any combination thereof, it doesn't matter, it's all treated as a single space. One way to prevent this is to wrap the whole thing in a <pre> or <code> block. But this is ugly unless you're trying to display computer code.
Or if you really desparately need those extra spaces, you could replace all spaces with which forces web browsers to display an extra space. (See edit below.)
Edit: Definitive version which preserves both line breaks and multiple spaces, and also prevents XSS:
<?php echo nl2br(str_replace(' ', ' ', htmlspecialchars($text))); ?>
You could use a rich text editor (TinyMCE, CKEditor) on the initial form which will allow the user to create markup without needing to know how to write HTML.
You then save the submitted markup into your DB (optionally filtering it for unwanted markup / scripting).
When displaying, don't use htmlspecialchars / htmlentities as you will want the content to be interpreted as HTML.
The example web page has 2 fields and allows a user to enter a title and code. Both fields would later be embed and displayed in an HTML page for viewing and/or editing but not execution. In other words, any PHP or javascript or similar should not run but be displayed for editing and copying.
In this case, what is the best way to escape these fields before database insertion and after (for HTML display)
You need to use the function htmlspecialchars() in php
that will change any special characters (eg < and >) into their special HTML encoded characters (eg < and >). When you get these from the database and output them as HTML they will display as code, but won't harm your script or execute.
I faced with the same problem a few days back, to put the codes (javascript or PHP ) in the html in a non executable way, I used textarea, it solved the purpose.
The problem however, was with the database. I cannot use the typical escape functions with the data, as it is affecting my data, for example the tags are getting messed up.
To solve this problem, I encoded the data in base 64 format before putting it in the database. So what is happening is my JavaScript code is encoded and the resultant code is no longer a Javascript code and I can use the escape functions on this and store it in the database.
I am open to suggestions, feel free to comment.
Quick and simple (I hope) question; If a user inputs new lines in a text field, ie:
43 Dennis
Beeston
How can I save the new line rather than have it transferred to the mysql server as one line?!
I am using PHP and mysql.
When you output the field from the database to a html document, either use <pre> or nl2br() (or a <textarea>).
To save the newlines in the database, take a look at mysql_real_escape_string
If you want your newlines displayed as breaks on the page when you display the records, use nl2br.
MySQL should preserve the newline - could it be your output (or your mysql gui) that isn't displaying it?
I have given en Entry Form to the user to input values that are stored in a MySQL table. There is one column called "Project Details", wherein the user can input upto 200 characters and this column is of type "varchar".
Till here everything is fine. The problem starts when the project details contain a number of points that are to be listed on the HTML page as:
(1) .........
(2) .........
(3) .........
It is unsure whether the project details is of one line, one paragraph, a simple text or a numbered list.
Is there any way to save the project details in rich text format in the MySQL table and when PHP shows the page of my website, the text gets listed as it was pasted?
If you want to store something like rich text format, you'll probably want to place it into a BLOB field: http://dev.mysql.com/doc/refman/5.0/en/blob.html which has no actual character set assigned to it
Can I ask though, why you would want to do that? Why not use one of the many rich text editors that convert your information into HTML (like tinyMCE), which from there you can store as-is or pass it through a Html->Textile filter or something similar.
You might want to consider using a simple markup language like Markdown or Textile. These allow you to take natural looking plain text, and then render it as HTML.
Failing that, you could simply display the text verbatim within <pre> tags.
If you are really using RTF, you might need is RTF-to-HTML-Converter, a quick search brought this: http://directory.fsf.org/project/rtf2html/ (untested). Is this what you meant?
What kind of code you store in a MySQL-Database is up to you, but a Varchar is probably not the best field type; you should consider changing it into a Text-field.
I encrypt using base64_encode() and to get I use base64_decode(). Tabs, spaces and special characters are preserved.
$statement->execute(array(':cemail' => $c_email,
':ctel' => $c_tel, ':msg' => base64_encode($c_msg)));
$msg = $rd['texe;];
$msg = base64_decode($msg)
Works perfectly for me
RTF is not the correct way to go because it's not interpreted correctly by webbrowsers.
You should use some markup language like Markdown, the one used here.