I would like to know If I can use a php function on a variable that contains delimiters like ' or ". I'm receiving a text content from my database and I would like to use: strip_tags($desc); on it but it does not work.
Here is an example of what it can contain using var dump:
string(1039) ""txt txt . txt'txt txt txtxtxtxt& " "
I guess you want to remove all tags. You should use the builtin function strip_tags() instead.
I'm assuming you want to work on the variable, not strip out the tags, then use this:
<?php
$str = "A 'quote' is <b>bold</b>";
// Outputs: A 'quote' is <b>bold</b>
echo htmlentities($str);
// Outputs: A 'quote' is <b>bold</b>
echo htmlentities($str, ENT_QUOTES);
?>
htmlentities, will make your ' & " safe to handle, then you can convert them back after if needed.
Reference for code: http://us2.php.net/manual/en/function.htmlentities.php
Try not to use ereg_replace as it is going to be discontinued.
ereg_replace
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
strip_tags
That said do you want to change all those chars to empty or are you trying to strip the tags? You can also convert the chars to the html_entities.
$desc = strip_tags($desc);
Related
I want to echo a string of an url variable:
echo "direct=1&closeBrowser=1&savelog=log.txt&storage=xfile¯file=klanta\test.html";
except the '¯' creates the ¯ characters. How do i prevent this from happening?
htmlspecialchars function is used to convert special characters to HTML entities. See for reference, https://www.php.net/manual/en/function.htmlspecialchars.php
You can use this code :
$str = direct=1&closeBrowser=1&savelog=log.txt&storage=xfile¯file=klanta\test.html
echo htmlspecialchars($str);
OR you can use regular Expression :
echo preg_replace('/[^a-zA-Z0-9_ -]/s','', $str);
If you want to print a strings as raw text (ignoring any html special entities or tags), then use function htmlspecialchars($string).
Example:
echo htmlspecialchars($your_string);
Details: https://www.php.net/manual/en/function.htmlspecialchars.php
I have read all answers related to this but couldn't get the exact order to sanitize data
I have to input
<?php echo 'yes'; ?>
<?php echo 'yes' ?>
into a text area and submit it in database as it is with line breaks and output the code as it is with line breaks just as stackoverflow is doing.
output comes like this
<?php echo \'yes\'; ?>\r\n\r\n<?php echo \'yes\'; ?>
note : htmlspecialchars() is outputting the exact code but without line breaks ...
nl2br() is not taking /r and /n as line breaks
you can also use the below functions when inserting data
$unwanted = array("-", "_", "+"," ", etc .. );
$yourVariable = str_replace($unwanted, "NULL", $yourVariable);
or
trim($yourVariable);
This function returns a string with whitespace stripped from the beginning and end or yourVariable
i want to know how to keep all whitespaces of a text area in php (for send to database), and then echo then back later. I want to do it like stackoverflow does, for codes, which is the best approach?
For now i using this:
$text = str_replace(' ', '&nbs p;', $text);
It keeps the ' ' whitespaces but i won't have tested it with mysql_real_escape and other "inject prevent" methods together.
For better understanding, i want to echo later from db something like:
function jack(){
var x = "blablabla";
}
Thanks for your time.
Code Blocks
If you're trying to just recreate code blocks like:
function test($param){
return TRUE;
}
Then you should be using <pre></pre> tags in your html:
<pre>
function test($param){
return TRUE;
}
</pre>
As plain html will only show one space even if multiple spaces/newlines/tabs are present. Inside of pre tags spaces will be shown as is.
At the moment your html will look something like this:
function test($param){
return TRUE;
}
Which I would suggest isn't desirable...
Escaping
When you use mysql_real_escape you will convert newlines to plain text \n or \r\n. This means that your code would output something like:
function test($param){\n return TRUE;\n}
OR
<pre>function test($param){\n return TRUE;\n}</pre>
To get around this you have to replace the \n or \r\n strings to newline characters.
Assuming that you're going to use pre tags:
echo preg_replace('#(\\\r\\\n|\\\n)#', "\n", $escapedString);
If you want to switch to html line breaks instead you'd have to switch "\n" to <br />. If this were the case you'd also want to switch out space characters with - I suggest using the pre tags.
try this, works excellently
$string = nl2br(str_replace(" ", " ", $string));
echo "$string";
I'm using textarea to get data that I insert into a database.
I'm using htmlspecialchars() to get rid of the single quotes and double quotes but it doesn't convert new lines into something so I'm left with a very long piece of code that doesn't have new lines and looks messy.
I've checked the manual but I can't find how to convert it.
How would I do this?
EDIT:
My intended output is the same as what the user inputted.
So if they inputted into the textarea...
Hi
This is another line
This is another line
It would store into the database like...
Hi\r\nThis is another line\r\n This is another line.
or something like that.
Then when I echo it again then it should be fine.
Anthony,
If you are referring to when you get it back out and you want it to look nice, and you aren't putting it back into a textarea, you can use the mythical function nl2br() to convert new line characters into HTML characters.
$data = 'Testing\r\nThis\r\nagain!\r\n';
echo nl2br($data);
This results in:
Testing
This
again!
I believe what you are looking for is
nl2br($string);
That will convert the returns to <br> tags
I will also give you this script that has worked well for me in the past when nl2br does not.
$remove = array("\r\n", "\n", "\r", "chr(13)", "\t", "\0", "\x0B");
$string = str_replace($order, "<br />", $string);
It should be:
<?php
addslashes( strip_tags( nl2br( $data ) ) );
?>
addslashes : will escape quotes to prevent sql injection
strip_tags : will remove any html tags if any
nl2br : will convert newline into <br />
I am trying to pass a string to a javascript function which opens that string in an editable text area. If the string does not contain a new line character, it is passed successfully. But when there is a new line character it fails.
My code in PHP looks like
$show_txt = sprintf("showEditTextarea('%s')", $test_string);
$output[] = '<a href="#" id="link-'.$data['test'].'" onclick="'.$show_txt.';return false;">';
And the javascript function looks like -
$output[] = '<script type="text/javascript">
var showEditTextarea = function(test_string) {
alert(test_string);
}
</script>';
The string that was successfully passed was "This is a test" and it failed for "This is a first test
This is a second test"
Javascript does not allow newline characters in strings. You need to replace them by \n before the sprintf() call.
You are getting this error because there is nothing escaping your javascript variables... json_encode is useful here. addslashes will also have to be used in the context to escape the double quotes.
$show_txt = sprintf("showEditTextarea(%s)", json_encode($test_string));
$output[] = '<a href="#" id="link-'.$data['test'].'" onclick="'.htmlspecialchars($show_txt).';return false;">';
Why don't you try replacing all spaces in the php string with \r\n before you pass it to the JavaScript function? See if that works.
If that does not work then try this:
str_replace($test, "\n", "\n");
Replacing with two \ may work as it will encapsulate.
I would avoid storing HTML or JS in PHP variables as much as possible, but if you do need to store the HTML in a PHP variable then you will need to escape the new line characters.
try
$test_string = str_replace("\n", "\\\n", $test_string);
Be sure to use double quotes in the str_replace otherwise the \n will be interpreted as literally \n instead of a new line character.
Try this code, that deletes new lines:
$show_txt = sprintf("showEditTextarea('%s')", str_replace(PHP_EOL, '', $test_string));
Or replaces with: \n.
$show_txt = sprintf("showEditTextarea('%s')", str_replace(PHP_EOL, '\n', $test_string));